Welcome to another_secpro!

In cybersecurity, there's no such thing as standing still. While standing still might mean "going with the flow" in ordinary life, it means the very opposite when it comes to jousting with the adversary - indeed, standing still means "letting the flow go past you"! That's why we in the _secpro team are always pushing ourselves and pushing our readers to pick up ideas, develop skills, and stay above water in the rushing waves of "the flow"!

That's why this week we are beginning a four-part series that looks into the deeds and needs of a CISA-trained professional - and, more importantly, how you can get to that plateau too. With the help of Hemang Doshi's fantastic book, we're taking the necessary steps to move from IT generalist or junior secpro into the higher echelons of auditing. Sound good? Check out this week's excerpt: Agile Auditing.

If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!

Cheers!
Austin Miller
Editor-in-Chief

Platform engineering is moving fast and AI is at the center of it. In this 5 hour workshop, George Hantzaras will show you how to design golden paths, build smarter developer portals, and bring AI into ops and observability. You’ll leave with practical patterns, real examples, and a 90-day roadmap to start implementing right away.

Source: Reddit

AI is revolutionizing various industries, including auditing. Traditionally, auditing has been a manual and time-consuming process, requiring auditors to sift through large volumes of data to identify discrepancies and ensure compliance. However, with the advent of AI, the audit process is becoming more efficient, accurate, and insightful. AI can analyze vast amounts of data quickly, identify patterns, and even predict potential risks, making it an invaluable tool in modern auditing.

Chrome 0-day (CVE-2025-10585): Google disclosed and patched CVE-2025-10585, a type-confusion bug in the V8 JavaScript / WebAssembly engine that has been observed exploited in the wild. Because this is an actively-exploited browser engine bug, the authoritative technical artifact is Google’s Chrome release/security bulletin (stable channel update) and associated vendor advisories rather than a research whitepaper. The release notes identify the V8 type-confusion fix and list affected Chromium builds.

Chaos Mesh “Chaotic Deputy” GraphQL flaws: JFrog Security (and follow-ups in the vulnerability ecosystem) published a technical disclosure of a set of critical flaws in Chaos-Mesh’s controller manager that expose an unauthenticated GraphQL debug API. The exposed API allows attacker-controlled calls (including endpoints to kill processes inside pods, manipulate iptables, etc.), enabling remote code execution and potential full Kubernetes cluster takeover if the operator does not restrict access. JFrog’s writeup includes proof-of-concept explanations, recommended mitigations and the patched versions.

DELMIA Apriso CVE-2025-5086: CISA added CVE-2025-5086 (deserialization of untrusted data in Dassault Systèmes DELMIA Apriso) to its KEV catalog after evidence of active exploitation. The vulnerability allows maliciously crafted serialized input to trigger remote code execution — attackers in observed campaigns delivered malicious DLLs via the flaw. CISA’s KEV listing and the NVD entry provide technical details, affected versions and required mitigation timelines (patch or compensating controls).

Shai-Hulud: Unit 42/Sysdig technical investigations: Multiple security research teams identified a novel, self-replicating worm campaign (tracked as Shai-Hulud) that has compromised hundreds of NPM packages. The malware steals developer credentials/tokens (npm, GitHub, cloud keys), implants backdoors and malicious CI workflows, and uses those stolen tokens to publish infected package updates — creating a developer-to-supply-chain propagation mechanism. Unit 42 and Sysdig provide in-depth technical writeups (IOC lists, indicators, malware behavior, recommended detection and remediation steps).

EggStreme APT framework by Bitdefender: Bitdefender published a detailed technical report on a newly observed APT toolkit dubbed EggStreme, used in targeted espionage against a Philippine military organization. Bitdefender’s writeup is a full technical breakdown: multi-stage loaders, fileless/in-memory reflective loading, DLL sideloading techniques, gRPC-based C2, and modular backdoor/keylogger payloads (EggStremeFuel → EggStremeLoader → EggStremeReflectiveLoader → EggStremeAgent). The report contains IOCs, behavioral descriptions and recommended detection rules. This is effectively a vendor whitepaper / technical advisory.

Axios abuse through the “Salty 2FA” phishing kits: ReliaQuest published a technical “Threat Spotlight” describing a surge in automated phishing using the Axios HTTP client and abuse of Microsoft 365 Direct Send to evade mail defences. Their analysis documents how Axios-based tooling and specialized phishing kits (nicknamed “Salty 2FA”) attempt to harvest credentials or bypass MFA at scale. The ReliaQuest writeup includes telemetry, attack flows, and mitigation guidance (policy hardening, Direct Send restrictions, EDR/IDS detection hints).

Multimodal Prompt Injection Attacks: Risks and Defenses: Systematic study of prompt-injection threats when inputs are multimodal (text + images + other modalities). Identifies new attack vectors that bypass text-only defenses (for example, embedding malicious instructions in images or mixed content) and evaluates mitigation strategies — useful reading for defenders building multimodal LLM apps

Prompt Injection 2.0: Hybrid AI Threats: Extends prompt-injection analysis to hybrid attacks that combine classical web/vulnerability techniques (XSS, CSRF, etc.) with prompt-injection to escape sandboxing and exfiltrate data. The paper analyzes attack chains, demonstrates proof-of-concepts, and evaluates defensive measures that bridge web security and LLM guardrails.