We're into our final week before we host a range of big names in the business talking about what they know best - practical security in the age of AI. Drawing on a wealth of experience, they have plenty to share and will join myself for a day of insights, explorations, and, most importantly for you, discussions that build and rebuild our understanding of the landscape in these new, particular challenges.

As a thank you for your continued subscription and engagement, we've even managed to get a code especially for you, my reader: by using SECPRO60, you get 30% and can book your tickets without breaking the bank. What more could you ask for?

Check out the link below and clear out your calendar for next Saturday!

Welcome to another_secpro!

In cybersecurity, there's no such thing as standing still. While standing still might mean "going with the flow" in ordinary life, it means the very opposite when it comes to jousting with the adversary - indeed, standing still means "letting the flow go past you"! That's why we in the _secpro team are always pushing ourselves and pushing our readers to pick up ideas, develop skills, and stay above water in the rushing waves of "the flow"!

That's why this week we are beginning a four-part series that looks into the deeds and needs of a CISA-trained professional - and, more importantly, how you can get to that plateau too. With the help of Hemang Doshi's fantastic book, we're taking the necessary steps to move from IT generalist or junior secpro into the higher echelons of auditing. Sound good? Check out this week's excerpt: Risk-Based Audit Planning.

If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!

Cheers!
Austin Miller
Editor-in-Chief

Source: Reddit

Risk-based audit planning prioritizes the high-risk areas of an organization so as to maximize the effectiveness of the audit. By focusing on areas with the greatest potential for financial loss, compliance issues, or operational inefficiencies, auditors can proactively identify vulnerabilities and support management in making informed decisions.

If you're looking forward to our upcoming conference or just want a little insight into who these industry-leading speakers are, here's a little bio on two of our closest collaborators: Mark Simos and Nikhil Kumar.

Mark Simos is Lead Cybersecurity Architect for Microsoft where he leads the development of cybersecurity reference architectures, best practices, reference strategies, prescriptive roadmaps, CISO workshops, and other guidance to secure organizations in the digital age.

Nikhil is an industry expert and thought leader in Digital Transformation, Zero Trust and InfoSec, AI, Cloud Computing, APIs and SOA, with a passion for applying technology in an actionable manner. An entrepreneur with over 20 years experience, he is known as a servant leader able to create amazing solutions and bridge people, process, business and technology.

Thousands kept waiting for Land Rovers after hack: UK-based automaker Jaguar Land Rover (JLR) experienced a sharp production halt across several plants due to a cyberattack, affecting operations and causing delays in vehicle deliveries. The attack was attributed to a hacker alias “Rey” from the Scattered Lapsus Hunters 4.0 group. While no customer data loss has been confirmed, authorities are investigating.

Cybersecurity failures rock FEMA and 24 IT staff fired: U.S. Homeland Security Secretary Kristi Noem dismissed two dozen FEMA IT staff following serious cybersecurity mishandlings. The incident involved reactivating compromised credentials after they had been disabled, despite nearly $500 million spent on cybersecurity in FY 2025. The breach may involve state-linked Chinese hackers exploiting Microsoft vulnerabilities.

SentinelOne earnings point to strong AI-driven cybersecurity demand: SentinelOne delivered better-than-expected Q2 2026 results, pushing annual recurring revenue above $1 billion and raising full-year guidance. The surge was driven by increased demand for AI-shielded cybersecurity solutions, including its acquisition of Prompt Security. Analysts attribute growth to rising generative-AI threats and tighter regulatory demands.

The Resilient Retailer’s Guide to Proactive Cyber Defense: Retailers such as Co-operative and M&S are under rising threat from SIM-swapping and misconfigured appliances. This guide offers a defense blueprint: strong security hygiene, enforced password policies, timely patching, employee training, MDR services, and “assume breach” readiness help mitigate risks and safeguard reputations.

Chinese hackers infiltrated critical British infrastructure: GCHQ revealed that Chinese state-sponsored group Salt Typhoon has compromised the UK’s critical infrastructure—telecoms, transport, and governmental systems—as part of a broader global espionage campaign. Active since 2021, the group is linked to multiple Chinese firms, with operations traced in 80 countries, including sensitive targeting of the UK’s NCSC.

Grok's security measures have been potentially bypassed, allowing for millions to be affected with malware: Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X's malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok.

Patient Care Technology Disruptions Associated With the CrowdStrike Outage (Jeffrey L. Tully; Sumanth Rao; Isabel Straw; Rodney A. Gabriel; Christopher A. Longhurst; Stefan Savage; Geoffrey M. Voelker; Christian J. Dameff): Cross-sectional study of 2,232 U.S. hospitals showing widespread disruptions to patient-facing and operational systems during the July 2024 CrowdStrike incident; proposes internet-measurement methods to monitor critical healthcare tech in real time.

LLM Agents Can Autonomously Exploit One-Day Vulnerabilities (Richard Fang; Xinye Li; Mohit Iyyer; Yixuan Li; Yanjun Qi; David Evans; Neil Gong; Z. Morley Mao; Aurore Fass; Danqi Chen; et al.): Shows that language-model agents, given tools and goals, can autonomously find and exploit freshly disclosed (“one-day”) software bugs, raising urgent questions about automated vulnerability exploitation and defenses.

On the Feasibility of Using LLMs to Execute Multistage Network Attacks (Aidan D. Singer; Mark Goldstein; Pang Wei Koh; Adam Gleave; Micah Goldblum; Zico Kolter; Dan Hendrycks) Evaluates whether modern LLMs can plan and carry out realistic, multi-step network intrusions; reports non-trivial success on chained attack tasks and analyzes controls needed to prevent misuse.

Con Instruction: Universal Jailbreaking of Multimodal LLMs via Non-Textual Modalities (Zhichao Geng; Haohan Wang; Shiyu Chang; Bo Li; Huan Zhang; et al.): Demonstrates a general jailbreak strategy for multimodal models by embedding adversarial “instructions” in images/audio/etc., transferring across models and tasks; highlights weaknesses beyond text-only prompts.

Injecting Universal Jailbreak Backdoors into LLMs in Minutes (Zhuowei Chen; Qiannan Zhang; Shichao Pei): Introduces JailbreakEdit, a model-editing method that plants a universal jailbreak backdoor post-training—in minutes—without dataset poisoning, preserving model utility while reliably bypassing safety.

Wolves in the Repository: A Software Engineering Analysis of the XZ Utils Supply Chain Attack (Piotr Przymus; Thomas Durieux):Forensically reconstructs the XZ backdoor (CVE-2024-3094), showing how long-term social engineering and project maintenance tactics enabled the attack; offers actionable lessons for OSS governance and CI/CD.

Source: Reddit