Develop foundational skills in ethical hacking and penetration testing while getting ready to pass the certification exam. With cyber threats continually evolving, understanding the trends and using the tools deployed by attackers to determine vulnerabilities in your system can help secure your applications, networks, and devices. To outmatch attacks, developing an attacker's mindset is a necessary skill, which you can hone with the help of the Certified Ethical Hacker 312-50 Exam Guide.

- Learn how to look at technology from the standpoint of an attacker
- Understand the methods that attackers use to infiltrate networks
- Prepare to take and pass the exam in one attempt with the help of hands-on examples and mock tests

Welcome to another_secpro!

This week, we're looking at installation on CKC, reflecting on the week's biggest stories, and heading out into the quagmire of modern academia. Sound good? Scroll down and check out what we have on offer.

If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!

Cheers!
Austin Miller
Editor-in-Chief

Webinar alert! Mobile experts from Bitrise and Embrace break down advanced CI/CD tips and real-user insights to help you speed up builds & deliver top-quality apps. Register here.

If you have worked through the more dangerous stages of a cyberattack, you probably know there’s a method to the adversarial madness. Attackers follow a loose sequence of steps to get from “target spotted” to “data exfiltrated” or “system held hostage.” The Cyber Kill Chain is, obviously, one way of describing this sequence. It’s not a law of nature, and attackers don’t always follow it like a checklist, but it helps analysts break down and understand what’s happening.

Microsoft Investigates Active Leak as SharePoint Zero‑Days Exploited for Warlock Ransomware: Microsoft is probing whether details from its Microsoft Active Protections Program (MAPP) were leaked—possibly by trusted participants—allowing Chinese-linked threat groups (Linen Typhoon, Violet Typhoon, Storm‑2603) to exploit zero‑day vulnerabilities in SharePoint. Although patches were issued in July, evidence suggests hackers began attacks soon after, raising concerns about program integrity.

Chinese‑Linked Groups Target U.S. Agencies via SharePoint Zero‑Day Campaign: A sophisticated global cyber‑espionage campaign has compromised nearly 100 organizations—including U.S. federal agencies—through SharePoint on‑prem installations. The campaign is attributed to Chinese-affiliated groups and highlights the risks of self-hosted deployments not covered by Microsoft’s cloud protections.

Storm‑2603 Deploys DNS‑Controlled AK47 C2 in Warlock and LockBit Campaigns: Researchers observed the threat actor Storm‑2603 using a DNS‑based command‑and‑control framework named AK47DNS (alongside AK47HTTP) to deploy Warlock and LockBit ransomware. The group has been active since March 2025, combining multiple ransomware families in coordinated campaigns.

Scattered Spider Ransomware Ring: Four Arrests in U.K. Retail and Airline Attacks: Four individuals (ages 17–20) were arrested in the U.K. for data theft and extortion targeting retailers like Harrods, Marks & Spencer, and Co‑op Group. The scammers, known as “Scattered Spider,” specialize in social‑engineering attacks via help desks, impersonation, and air‑gapped access.

ATM Network Breached Using 4G‑Connected Raspberry Pi and Kernel Rootkit:Threat actors (UNC2891) planted a Raspberry Pi connected via 4G and installed the CAKETAP kernel rootkit to spoof ATM hardware authentication. By hiding processes and intercepting card verification messages, they bypassed standard forensic detection.

British Transport Firm KNP Shuts Down After Ransomware via Weak Password Guessing: U.K. railway company KNP (158 years old) was victim to an Akira ransomware attack that began with a single weak employee password. A £5 million ransom demand followed; the company’s infrastructure was encrypted and the crisis unmanaged, leading to company closure and 700 job losses.

Neuromorphic Mimicry Attacks Exploiting Brain‑Inspired Computing for Covert Cyber Intrusions(H. Ravipati): This pioneering work describes a novel class of cyber‑attacks—"Neuromorphic Mimicry Attacks" (NMAs)—targeting neuromorphic chips (brain‑inspired hardware) used in edge/AI devices. By subtly tampering with synaptic weights or poisoning sensory inputs, attackers mimic legitimate neural activity and evade conventional intrusion detection. The paper proposes anomaly detection tailored to neural behavior and secure synaptic learning protocols. It’s attracting attention because as neuromorphic hardware becomes mainstream (e.g. for smart sensors, medical implants, autonomous systems), this attack vector could emerge rapidly in coming years.

From Texts to Shields: Convergence of Large Language Models and Cybersecurity (Tao Li, Ya‑Ting Yang, Yunian Pan, Quanyan Zhu): This interdisciplinary report explores how large language models (LLMs) are both empowering and challenging cybersecurity. It surveys applications like automated vulnerability analysis (e.g. 5G code scanning), generative security tooling, and network threat detection—while also examining socio‑technical concerns around trust, transparency, and fairness. It proposes human‑in‑the‑loop workflows, interpretability mechanisms, and proactive robustness testing. The paper has gained traction due to the surging integration of LLMs in defense tools and Widespread debate around safe deployment.

Red Teaming with Artificial Intelligence‑Driven Cyberattacks: A Scoping Review: (M. Al‑Azzawi, Dung Doan, T. Sipola, J. Hautamäki, T. Kokkonen): This scoping review examines how artificial intelligence can automate red‑team cyberattacks, from reconnaissance to exploit deployment. Analysing nearly 500 studies (11 included in the final review), it categorizes AI methods used to breach systems, extract data, and manipulate targets. The paper warns that AI‑powered adversarial tools are lowering the barrier for sophisticated attacks—and calls for defensive capabilities that also leverage AI to keep pace. It’s widely cited in discussions about where adversarial and defensive AI arms races are headed.

Exploring the Role of Large Language Models in Cybersecurity: A Systematic Survey (Shuang Tian, Tao Zhang, Jiqiang Liu, Jiacheng Wang, et al.): This systematic survey examines use cases of LLMs across the cyber‑attack lifecycle—from reconnaissance to lateral movement and threat intelligence. It highlights LLMs’ strengths in pattern recognition, automated exploration of network configurations, and real‑time response generation, while also covering associated risks—such as prompt injection, hallucinations, data leakage, and adversarial manipulation. The paper is timely, aligning with current concerns about prompt‑injection (now classified as a top risk in OWASP’s 2025 LLM Top 10).

Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!

DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.

Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.

Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.