Featured Issues

Getting ready for Cyber AI ImplementationAI Agents FrontierJoin the pioneers behind AG2 and autonomous research agents for a 5-hour deep dive into controlled orchestration, reproducibility, and safe deployment of scalable multi-agent architectures systems. Discover how to build deterministic, explainable, verifiable agents that eliminate hallucinations and support secure, auditable decision workflows.Limited early-bird seats remaining.Book Your Pass Now!#5: Understanding the AdversaryWelcome to CYBER_AI, a new newsletter from the Packt team focusing on—well, exactly what it says on the tin: cybersecurity in the age of AI.Here we go on another step into the future, into a world where the world of cybersecurity brims with the confidence that AI can bring to our practice. Of course, this goal—like all goals—requires us to set up the foundations properly and figure out how we stand on them. That means, for all those struggling to make these ambitious bounds forward, establishing the “101” topics and making sure they are widely understood. For a look into the future, here's our plan:1. What “Cybersecurity AI” Actually Means2. Machine Learning 101 for Security Professionals3. Threat Detection with AI: From Rules to Models4. Adversarial Machine Learning Basics5. LLMs in Cybersecurity: Capabilities and Limitations6. Securing AI Models and Pipelines (AI Supply Chain Security)7. AI-Enhanced Offensive Techniques8. Privacy and Data Protection in AI Systems9. AI Governance, Ethics, and Risk Management10. Building a Security-Aware AI WorkflowSound good? Head over to Substack and sign up there!Join us on Substack to find our bonus articles!In this newsletter, we’ll explore how AI is transforming cybersecurity—what’s new, what’s next, and what you can do to stay secure in the age of intelligent threats.Welcome aboard! The future of cyber defence starts here.Cheers!Austin MillerEditor-in-ChiefNews WipeHow Agentic AI Can Boost Cyber Defense: This article explains how “agentic AI” — autonomous AI agents — are being deployed by security teams to triage and prioritise cyber threats. The approach helps reduce noise and speed up response times, enabling defenders to manage large volumes of alerts more effectively.Disinformation and Cyber-Threats Among Top Global Exec Concerns: A new report from the World Economic Forum (WEF) highlights that AI-powered disinformation and cyber-threats are among the biggest worries for global executives, reflecting growing fears around social-engineering, deepfakes, and AI-driven malware.Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools: Security researchers disclosed that a malicious npm (Node.js) package is using embedded “hidden prompts” and scripts to bypass AI-driven security tools — a novel kind of supply-chain attack aimed at poisoning AI defenses. This underlines how AI itself can be targeted and manipulated by attackers.HTB AI Range offers experiments in cyber-resilience training: The article describes a new initiative from Hack The Box (HTB), offering an “AI Range” — a sandbox environment where organisations can test how AI agents respond to simulated cyber-attacks, helping improve detection and resilience against automated threats. This reflects growing industry emphasis on using AI defensively, not just offensively.Exclusive: Palo Alto Networks CEO says AI demands a new focus on threat detection: At the recent AI+ Summit, the CEO of Palo Alto Networks warned that as organisations adopt AI — and attackers start doing the same — cybersecurity strategies must shift from protecting legacy systems to prioritising advanced threat detection and real-time response. He argued that AI-powered cyberattacks are now among the top risks facing enterprises globally.Culture, You, and AILike Social Media, AI Requires Difficult Choices: In his 2020 book, “Future Politics,” British barrister Jamie Susskind wrote that the dominant question of the 20th century was “How much of our collective life should be determined by the state, and what should be left to the market and civil society?” But in the early decades of this century, Susskind suggested that we face a different question: “To what extent should our lives be directed and controlled by powerful digital systems—and on what terms?”Banning VPNs:This is crazy. Lawmakers in several US states are contemplatingbanning VPNs, because…think of the children!As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of “protecting children” inA.B. 105/S.B. 130. It’s an age verification bill that requires all websites distributing material that could conceivably be deemed “sexual content” to both implement an age verification system and also to block the access of users connected via VPN. The bill seeks to broadly expand the definition of materials that are “harmful to minors” beyond the type of speech that states can prohibit minors from accessing­ potentially encompassing things like depictions and discussions of human anatomy, sexuality, and reproduction.The EFF link explains why this is a terrible idea.Four Ways AI Is Being Used to Strengthen Democracies Worldwide: Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recentWorld Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another narrative. Yes, there are risks to democracy from AI, but there are also opportunities. We have just published the bookRewiring Democracy: How AI will Transform Politics, Government, and Citizenship.In it, we take a clear-eyed view of how AI is undermining confidence in our information ecosystem, how the use of biased AI can harm constituents of democracies and how elected officials with authoritarian tendencies can use it to consolidate power. But we also give positive examples of how AI is transforming democratic governance and politics for the better.From the cutting edgeArtificial intelligence and machine learning in cybersecurity: a deep dive into state-of-the-art techniques and future paradigms: This 2025 review presents an in-depth survey of state-of-the-art AI/ML techniques applied to cybersecurity tasks — intrusion detection, malware classification, behavioral analysis, threat intelligence. It highlights both the progress and critical gaps: for example, lack of explainability, adversarial ML risks, scalability and privacy issues. The paper also maps out future paradigms (e.g. federated learning, quantum-AI convergence. (N. Mohamed et al.) From Knowledge and Information Systems (2025)Generative AI revolution in cybersecurity: a comprehensive review of threat intelligence and operations: This paper reviews how generative AI (GAI / LLMs) is transforming cybersecurity: not only for defense (e.g. threat detection, anomaly detection, automation of responses) but also how attackers may leverage GAI for social engineering, malware, phishing, and more. It discusses limitations (misuse potential, incorrect outputs, high resource/training cost) and calls for balanced, cautious adoption. (Mueen Uddin, Muhammad Saad Irshad, Irfan Ali, Fuhid Alanazi, Fahad Ahmed, Muhammad Maaz, Saddam Hussain, Syed Sajid Ullah) From Artificial Intelligence Review 58 (2025)Organizational Adaptation to Generative AI in Cybersecurity: A Systematic Review: This 2025 systematic review studies how real-world organizations are adapting their cybersecurity operations to integrate generative AI. It analyses 25 studies (2022–2025) and identifies patterns: adoption of LLMs in threat detection, automation of incident response, hybrid human–AI workflows. The paper also discusses challenges: explainability, data quality, bias, training, governance. It offers a roadmap for secure and responsible GenAI deployment in enterprise cyber-defense. (Christopher Nott)Adversarial Defense in Cybersecurity: A Systematic Review of GANs for Threat Detection and Mitigation: A systematic review of how generative adversarial networks (GANs) can be used—not just to mount attacks, but as defenses. The paper surveys studies (2021–August 2025) on using GAN-based techniques for network intrusion detection, malware analysis, IoT security. It lays out a taxonomy (defensive function, GAN architecture, threat model, cybersecurity domain) and discusses strengths (improved detection accuracy, resilience) and persistent challenges (instability, lack of explainability, high computational cost, absence of standard benchmarks). (Tharcisse Ndayipfukamiye, Jianguo Ding, Doreen Sebastian Sarwatt, Adamu Gaston Philipo, Huansheng Ning)*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

A look back at 2025 to understand where we areMost teams dread FedRAMP—until they switch to Paramify. We make the process faster, clearer, and far more efficient by pairing smart automation with experts who help you exactly where you need it most. Come see how fun compliance can actually be, and grab a free gift when you join us for a demo.Schedule your demo here!#227: Wandering Down Memory LaneA look back at 2025 to understand where we are todayWelcome to another_secpro!We're done with social engineering for now, but if you'd like to find out how the adversary moves in the age of AI then make sure to check out the articles link in this introduction:here, here, here, here, and here.Check out _secpro premiumIf you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!Cheers!Austin MillerEditor-in-ChiefAI Agents Frontier - December 13, SaturdayJoin the pioneers behind AG2 and autonomous research agents for a 5-hour deep dive into controlled orchestration, reproducibility, and safe deployment of scalable multi-agent architectures systems. Discover how to build deterministic, explainable, verifiable agents that eliminate hallucinations and support secure, auditable decision workflows.Limited early-bird seats remaining. Book Your Pass Now!This week's articleA quick look back at the 2025A quick retrospective to take stock of a year of huge upheavals and change. Jump in to see what we've identified as "the big themes" of 2025 and leave your comments on Substack!Check it out todayNews BytesChinese-linked hackers deploy “BRICKSTORM” for long-term access: The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert describing a sophisticated backdoor called “BRICKSTORM,” used by state-sponsored actors from the People's Republic of China to maintain stealthy, persistent access on compromised VMware vSphere and Windows systems. The implant — written in Golang — grants attackers full interactive shell access, enabling file upload/download, manipulation, and long-term compromise.New Android RAT “Albiriox” targets 400+ financial apps — live remote-control & banking fraud : A recently discovered Android malware dubbed Albiriox operates as a remote-access Trojan (RAT) and banking trojan, giving attackers control over infected devices. Once installed (often via fake landing pages or spoofed app stores), Albiriox can remotely control phone screens, intercept credentials, and execute on-device banking or crypto transactions—effectively draining accounts while under victim’s own sessions.Seven-year browser-extension campaign from “ShadyPanda” infected 4.3M users : The group known as ShadyPanda spent years publishing seemingly legitimate extensions to browsers like Chrome and Edge — accumulating user trust — before silently updating them with malicious code. The campaign reportedly infected around 4.3 million users. The case underscores long-term supply-chain-style extension abuse and raises alarm about post-installation update security.Threat actors abusing calendar subscriptions to deliver phishing & malware lures: A new trend uncovered by threat intelligence shows attackers exploiting subscription-style calendar invites to deliver phishing links. Once subscribed, victims see malicious events or links — a stealthy method that bypasses traditional email phishing filters and broadens attack surface beyond email.Critical vulnerability in React/Next.js frameworks—remote code execution via deserialization bug (Akamai): A newly disclosed flaw, CVE-2025-55182, affects multiple React-based frameworks’ server-function implementations. The vulnerability enables remote code execution when processing incoming “Flight” requests, posing a serious risk to web applications built with React / Next.js. Developers are urged to patch immediately.“Telemetry Complexity Attacks”, a new class of bypass techniques against malware analysis & EDR platforms: A recent research paper demonstrated how adversaries can exploit weaknesses in telemetry collection pipelines used by malware analysis and EDR systems. By generating deeply nested and oversized telemetry data, attackers can trigger serializer or database failures — effectively causing denial-of-analysis (DoA) and hiding malicious behavior from detection. The research flagged real-world systems for failure under this technique.The emergence of “Benzona” ransomware on underground forums: According to the latest intelligence from CYFIRMA, a new ransomware strain called Benzona was spotted being offered on dark-web forums, signaling the ongoing churn and availability of malware-as-a-service (MaaS) tools for criminals.Research claim: cybercrime globally is dominated by middle-aged offenders, not typical “teen hackers”: A study aggregating data from over 400 law-enforcement bodies suggests that most cybercriminals fall into a middle-age demographic — challenging popular stereotypes of cybercrime being driven by young hackers. The findings may reshape how law enforcement and policy target cybercrime demographics.Into the blogosphere...Shai‑Hulud 2.0: How Cortex Detects and Blocks the Resurgent npm Worm: This post details a major supply-chain attack dubbed “Shai-Hulud 2.0,” where a malicious worm compromised thousands of npm packages. It explains how the malware spreads, steals credentials, establishes persistent backdoors, and compromises developer environments — and outlines how the provider’s security tools (Cortex Cloud, XDR, Prisma Cloud) can detect and block such attacks.AI & Security: Revolutionizing Cybersecurity in the Digital Age: This article explores how artificial intelligence (AI) is transforming cybersecurity — shifting defences from reactive to proactive. It examines use-cases where AI helps detect and mitigate threats, analyzes the challenges of integrating AI into security strategies, and highlights how organizations can leverage modern AI/ML to improve their security posture.When Artificial Intelligence Becomes the Battlefield: This post dives into the darker side of AI—describing how attackers are weaponizing AI for ransomware, phishing, browser-based exploits, AI-native malware, and “vibe-hacking” (emotionally targeted phishing/extortion). It outlines real-world incidents and warns of systemic weaknesses in AI governance, urging more robust controls and oversight for AI deployments.Multi‑Dimensional Threat Intelligence Analysis: Looking for AI Adversaries: This analysis recounts how a security team monitored 427 blocked IP addresses over a short period to evaluate whether emerging AI-powered adversarial techniques were in use. The conclusion: no AI-adaptive threats detected — yet. But the report highlights infrastructure evolution (bulletproof hosting, “brand-weaponization”) and warns that adversaries may shift once detection evasion becomes easier. Offers a practical view on real-world threat-intelligence operations.Turning Kubernetes Last Access to Kubernetes Least Access Using KIEMPossible: This recent post explains how identity and permissions inside Kubernetes environments often become sprawling, giving threat actors excessive attack surface. It shows how the tool/approach “KIEMPossible” can help organisations audit, trace, and reduce permissions to enforce least-privilege — significantly reducing risk for cloud workloads.This week's academiaIntrusion detection using TCP/IP single packet header binary image for IoT networks(Mohamed El-Sherif, Ahmed Khattab & Magdy El-Soudani):This paper proposes a novel intrusion detection approach for IoT networks by converting single raw TCP/IP packet headers into binary (black-and-white) images. Then, using a lightweight Convolutional Neural Network (CNN), the system classifies traffic as benign or malicious. On benchmark IoT datasets (Edge-IIoTset and MQTTset), the method achieved perfect or near-perfect detection rates (100% binary accuracy, ~97–100% multiclass accuracy) — all with minimal computational resources. The approach avoids heavy feature engineering or payload inspection, making it suitable for resource-constrained IoT devices and real-time deployment.Adversarial Defense in Cybersecurity: A Systematic Review of GANs for Threat Detection and Mitigation (Tharcisse Ndayipfukamiye, Jianguo Ding, Doreen Sebastian Sarwatt, Adamu Gaston Philipo & Huansheng Ning): This systematic review explores how Generative Adversarial Networks (GANs) are being used not just by attackers — but also defensively — for cybersecurity tasks. The paper consolidates 185 peer-reviewed studies, developing a taxonomy across defensive functions, GAN architectures, threat models, and application domains (e.g., network intrusion detection, IoT, malware analysis). The authors highlight meaningful gains (e.g., better detection accuracy and robustness) but also underscore persistent challenges: instability in GAN training, lack of standard benchmarks, high computational cost, and poor explainability. They propose directions for future research — including hybrid models, transparent benchmarks, and targeting emerging threats such as LLM-driven attacks.Red Teaming with Artificial Intelligence-Driven Cyberattacks: A Scoping Review (Mays Al-Azzawi, Dung Doan, Tuomo Sipola, Jari Hautamäki & Tero Kokkonen): This review maps how AI is transforming offensive cybersecurity — specifically red-teaming and attack simulations. Drawing on a broad literature base, the paper identifies typical AI-driven methods used by attackers (e.g., automated penetration testing, credential harvesting, social-engineering via AI) and common targets (sensitive databases, cloud services, social media, etc.). The review underscores the rising threat from AI-enabled attacks that scale, adapt, and can bypass traditional defenses — thus serving as a warning and a call for defence strategies that account for AI-driven adversaries.Adaptive Cybersecurity: Dynamically Retrainable Firewalls for Real-Time Network Protection (Sina Ahmadi): This paper argues that traditional static firewall rules are increasingly inadequate in the face of rapidly evolving threats. It proposes “dynamically retrainable firewalls”: ML-driven firewall systems that continuously retrain on incoming network data, detect anomalous activity in real-time, and adapt to new threat patterns. The work explores design architectures (micro-services, distributed systems), data sources for retraining, latency and performance trade-offs, and ways to integrate with modern paradigms like Zero Trust. It also discusses future challenges, including AI advances and quantum computing. The study suggests this adaptive firewall approach may be a key pillar for future network security.Neuromorphic Mimicry Attacks Exploiting Brain-Inspired Computing for Covert Cyber Intrusions (Hemanth Ravipati): As neuromorphic computing (brain-inspired hardware) becomes more common — especially in edge devices, IoT, and AI application — this paper demonstrates for the first time a novel class of threats: Neuromorphic Mimicry Attacks (NMAs). Because neuromorphic chips operate with probabilistic and non-deterministic neural activity, attackers can tamper with synaptic weights or poison sensory inputs to mimic legitimate neural signals. Such attacks can evade conventional intrusion detection systems. The paper provides a theoretical framework, simulations, and proposes countermeasures (e.g., neural-specific anomaly detection, secure learning protocols). The study warns that as neuromorphic hardware spreads, these threats will become increasingly relevant.*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}