Interested in something new?

Life doesn't stand still. Neither does cybersecurity. In part, this is because cybersecurity is a concept and concepts can't stand at all—still or otherwise—but that is a concern for another day. If you have a finger on the pulse of the current landscape, you've probably noticed that quite a lot of people have quite a lot to say about AI, its role in cybersecurity, and how the future seems to be changing... and possibly even for the better.

If you're interested in keeping up with this conversation (or you have been living under a rock and need to do some quick catching up), you might like our soon-to-be available newsletter: CyberAI with Packt. We will be riding the currents of the day, diving into the emerging issues and getting to the heart of the problem with our friends working on the front lines and wanting to show their battle scars. Sound like something interesting? Check out the survey below and tell us what you'd like to see.

Take the survey - get the newsletter

#218: AI for Beginners
A friendly resource for people low down the ladder

Welcome to another _secpro!

This week, we've included a PDF resource to help you improve your training sessions and help the non-specialists amongst us to make the right moves in the age of AI. We've also expanded the news we've been poring over and included a few academic essays.
Check them out!

- A Global Analysis of Cyber Threats to the Energy Sector: “Currents of Conflict”
- Kaspersky ICS CERT: Dynamics of External and Internal Threats to Industrial Control Systems, Q2 2025
- Threat landscape for industrial automation systems (Kaspersky ICS CERT, Q2 2025)
- Analysis of Publicly Accessible Operational Technology and Associated Risks
- Tenable FAQ on CVE-2025-20333 / CVE-2025-20362: Cisco ASA / FTD Zero-Days Exploited
- Kudelski Security Advisory: Cisco ASA WebVPN & HTTP Zero-Day Vulnerabilities (CVE-2025-20333 / CVE-2025-20362 / CVE-2025-20363)
- Greenbone: “Cisco CVEs 2025: Critical Flaws in ASA & FTD”
- CIRT.GY Advisory: Cisco ASA and FTD Zero-Day Vulnerabilities Actively Exploited in State-Sponsored Attacks
- FortiGuard Labs: “Threat Signal Report – ArcaneDoor Attack (Cisco ASA Zero-Day)”
- Black Arrow Cyber Threat Intelligence Briefing (26 Sept 2025): MFA Bypass, Supply Chain and Airport Disruptions

Check out _secpro premium

If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!

Cheers!
Austin Miller
Editor-in-Chief

Here's a little meme to keep you going... (Source: Reddit)

This week's article

Cybersecurity AI FAQs

A cybersecurity professional's worst nightmare often isn't an APT, a skilled hacker, or even a bored script kiddie with time to waste. More often, it's the most fearsome threat to internal security known to humanity: the average Joe employee.

The kinds of errors that the adversary can seize upon are the kinds of errors that the average Joe makes through ignorance - and, often, it's not entirely his fault that he's ignorant about these things.
Due to the nature of cybersecurity and cyberthreats, even a curious layman with a strong sense of responsibility to make sure he understands the newest emergent threats doesn't have enough time to get into the nitty-gritty of what turns a seemingly innocent action into the very thing the adversary needs to get working. Because of that, we've put together a handy little 10-point document to share with your coworkers, staple to walls, and build into your training sessions.

Click below to check it out!

Get the shareable document here

News Bytes

A Global Analysis of Cyber Threats to the Energy Sector: “Currents of Conflict”: This arXiv paper provides a novel geopolitical threat-intelligence-based analysis of cyber threats targeting the energy sector. By applying generative AI to structure raw threat data, the authors map actor origins vs target geographies, assess detection tool effectiveness (especially learning-based), and highlight evolving trends (including supply chain, third-party, and state-actor activity) in the energy domain. Their findings offer actionable insights into risk exposure and resilience for operators and policymakers.

Kaspersky ICS CERT: Dynamics of External and Internal Threats to Industrial Control Systems, Q2 2025: This report examines threat activity targeting ICS (Industrial Control Systems) in Q2 2025, breaking down external vs internal threats, types of malware detected, and penetration depth across network boundaries. Key findings include that ~20.5% of ICS systems blocked some threats, with malware types including spyware, backdoors, malicious scripts, and rogue documents.
The report also analyses “borderline” systems where initial external penetration meets internal propagation, highlighting persistent risks in OT infrastructures.

Threat landscape for industrial automation systems (Kaspersky ICS CERT, Q2 2025): A companion to the previous report, this document specifically focuses on industrial automation systems (e.g., HMIs, SCADA, local control networks) and tracks how often these systems are attacked, what types of malware and scripts are used, and the trends in exposure over time. It also discusses implications for segmentation, detection, and response in critical infrastructure settings.

Analysis of Publicly Accessible Operational Technology and Associated Risks: This research quantifies and analyses OT devices exposed on the public internet, identifying nearly 70,000 such systems globally using vulnerable protocols (e.g. ModbusTCP, EtherNet/IP, S7). The authors use automated screenshot analysis to reveal exposed HMIs/SCADA interfaces, outdated firmware, and predictable configurations. The study underscores how misconfigured or publicly accessible OT systems create dangerous attack paths into critical infrastructure.

Tenable FAQ on CVE-2025-20333 / CVE-2025-20362: Cisco ASA / FTD Zero-Days Exploited: Tenable’s research team provides a detailed walkthrough of two zero-day vulnerabilities actively exploited in Cisco’s Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) products (CVE-2025-20333 and CVE-2025-20362). They explain how these flaws can be chained, the attack surface involved (VPN web server), the threat actor attribution (UAT4356 / ArcaneDoor), and mitigation strategies.
This is timely given the widespread deployment of Cisco ASA in critical networks.

Kudelski Security Advisory: Cisco ASA WebVPN & HTTP Zero-Day Vulnerabilities (CVE-2025-20333 / CVE-2025-20362 / CVE-2025-20363): This threat research brief gives technical detail on how Cisco ASA vulnerabilities impacting WebVPN and HTTP/HTTPS services are being actively exploited by state-sponsored attackers. It highlights persistence techniques (including firmware and ROM modification), evasion of logging, and the survival of implants across device reboots/updates. Useful for defenders needing to understand the root cause and attack chain.

Greenbone: “Cisco CVEs 2025: Critical Flaws in ASA & FTD”: Greenbone’s security blog summarises the newly disclosed Cisco CVEs (including CVE-2025-20333 and CVE-2025-20362) and provides context for detection and remediation via their vulnerability scanners. They explain the exploitation risk (especially for unpatched VPN web server configurations) and give guidance for scanning and prioritising vulnerable assets.

CIRT.GY Advisory: Cisco ASA and FTD Zero-Day Vulnerabilities Actively Exploited in State-Sponsored Attacks: This advisory provides a detailed technical description and IOCs (Indicators of Compromise) for the exploitation of Cisco ASA/FTD zero-days by threat actors, particularly focusing on configuration bypass, persistence, and the importance of isolating impacted devices. It also includes recommendations for network segmentation and migration to supported hardware due to end-of-life concerns.

FortiGuard Labs: “Threat Signal Report – ArcaneDoor Attack (Cisco ASA Zero-Day)”: FortiGuard provides a technical briefing on the ArcaneDoor espionage campaign, tracking its evolution, exploitation patterns, and implications for Cisco firewall deployments.
The report discusses how the attackers maintain persistence, perform reconnaissance and lateral movement, and how defenders should respond at scale.

Black Arrow Cyber Threat Intelligence Briefing (26 Sept 2025): MFA Bypass, Supply Chain and Airport Disruptions: In their weekly digest, Black Arrow highlights several important cyber events: (1) the exploitation of MFA bypass and third-party/supply chain weaknesses contributing to prolonged cyber incidents, (2) disruption at European airports via attacks targeting Collins Aerospace’s Muse software, and (3) the increasing sophistication of ransomware groups focusing on data theft. While not a formal academic paper, this briefing is authored by credible threat intelligence analysts and includes incident patterns, risks, and mitigation recommendations.

This week's academia

Ransomware 3.0: Self-Composing and LLM-Orchestrated: introduces a research prototype and threat model for LLM-orchestrated ransomware that uses large language models at runtime to synthesize payloads, perform reconnaissance, and carry out extortion in a closed loop. The paper evaluates this capability across personal, enterprise and embedded environments and presents behavioral signals/telemetry to help build defenses. This work sparked media attention because it shows how low-cost LLMs could materially lower the barrier to generating effective malware (research demonstration, not a deployed criminal campaign).
Author(s): Md Raz, Meet Udeshi, P.V. Sai Charan, Prashanth Krishnamurthy, Farshad Khorrami, Ramesh Karri.

A Survey of Attacks on Large Language Models: a systematic survey cataloguing attacks against LLMs and LLM-based agents (training-phase attacks, inference-phase attacks, availability/integrity attacks). The paper reviews representative methods and defenses, organizes threat taxonomies, and highlights open research challenges for securing deployed LLM systems. This is useful background for anyone tracking LLM security trends and countermeasures.
Author(s): Wenrui Xu, Keshab K. Parhi.

To Patch or Not to Patch: Motivations, Challenges, and Implications for Cybersecurity: a focused review on why organizations delay or avoid applying security patches. The paper synthesizes industry and academic literature to identify incentives/disincentives (resource limits, legacy systems, risk perceptions, vendor relationships, human factors) and discusses implications for vulnerability management and policy. Highly relevant given recurring mass-exploitation incidents (Log4Shell, WannaCry, supply-chain incidents) where delayed patching was critical.
Author(s): Jason R. C. Nurse (Institute of Cyber Security for Society / University of Kent).

Unraveling Log4Shell: Analyzing the Impact and Response to the Log4j Vulnerability: a comprehensive technical measurement and analysis of the Log4Shell (Log4j/CVE-2021-44228) incident: discovery timeline, exploitation patterns, measured attack volumes, impacted sectors, and mitigation/response strategies. Useful both as a historical case study and as a guide to improving open-source component hygiene and incident response practices.
Author(s): John Doll, Carson McCarthy, Hannah McDougall, Suman Bhunia (Dept. of Computer Science & Software Engineering, Miami University).