
SecPro

40 Articles
Austin Miller
23 May 2025
7 min read

#199: An ATT&CK Review and into the Blogosphere

A look at the week gone by

Welcome to another _secpro!

For all of you who attended the RSA Conference, we hope you had a great time getting up to scratch with the goings on in this industry. Got something to share? Reply to this email and tell us about your thoughts. This week's issue contains:

- Apple's AirPlay Vulnerabilities Expose Devices to Hijacking Risks
- U.S. Charges 16 Russians Linked to DanaBot Malware Operation
- Budget Cuts to U.S. Cybersecurity Agency Raise Concerns Amid Rising Threats
- Anthropic Implements Stricter Safeguards for New AI Model Amid Biosecurity Concerns
- Russian Hackers Target Western Firms Supporting Ukraine, U.S. Intelligence Reports
- MITRE ATT&CK - Explained
- Understanding the use cases of the MITRE ATT&CK Framework
- Integrating MITRE ATT&CK with SIEM Tools
- Demystifying the MITRE ATT&CK Framework

Check out _secpro premium

Cheers!
Austin Miller
Editor-in-Chief

Reflecting on MITRE ATT&CK

Making our way through the MITRE ATT&CK's Top Ten most exploited techniques over the last 9 weeks has been fun. We're almost ready to dive into the most exploited T-number, but we thought it'd be good to stop and smell the adversarial roses for a minute first - just make sure you've been paying attention. These T-numbers are on the test, so make sure to go back and check out #10 through #2 in the list below:

- #2: T1059
- #3: T1333
- #4: T1071
- #5: T1562
- #6: T1486
- #7: T1082
- #8: T1547
- #9: T1506
- #10: T1005

We have five copies of Glen Singh's Kali Linux book to give away. Leave a comment in order to win a virtual copy!

RSA Conference 2025 – Navigating the New Cyber Frontier
A reflection on this year's events. Read the rest here!

News Bytes

Apple's AirPlay Vulnerabilities Expose Devices to Hijacking Risks: Researchers at cybersecurity firm Oligo have identified 23 significant security flaws in Apple's AirPlay system, collectively dubbed "AirBorne." These vulnerabilities could allow hackers to hijack devices connected to the same Wi-Fi network, affecting both Apple's native AirPlay protocol and third-party implementations. The discovery underscores the need for prompt security updates to protect users relying on AirPlay-compatible gadgets. Oligo's analysis reveals that the vulnerabilities stem from issues in the AirPlay protocol's implementation, allowing for zero-click remote code execution (RCE) attacks. The flaws are particularly concerning due to their wormable nature, enabling potential rapid spread across devices.

U.S. Charges 16 Russians Linked to DanaBot Malware Operation: The U.S. Department of Justice has charged 16 Russian nationals associated with the DanaBot malware operation, a sophisticated tool used globally for cybercrime, espionage, and wartime attacks. DanaBot infected over 300,000 systems and was sold to other hackers via an affiliate model. Notably, it was used in state-linked espionage, including attacks on Ukraine’s defense institutions during the Russian invasion. DanaBot is a modular banking Trojan that has evolved to include functionalities such as credential theft, remote access, and data exfiltration. Its architecture allows for dynamic updates, making it adaptable to various malicious activities. Additional commentary at WeLiveSecurity.

Budget Cuts to U.S. Cybersecurity Agency Raise Concerns Amid Rising Threats: Security experts warn that proposed 17% budget cuts to the Cybersecurity and Infrastructure Security Agency (CISA) could leave the U.S. vulnerable to retaliatory cyberattacks, especially as Chinese cyberattacks surge. The cuts would lead to the dismissal of 130 employees and cancellation of key contracts, compromising national cyberdefense at a time of heightened threat. Analysts express concern that the reduction in CISA's budget and workforce will hinder the agency's ability to coordinate threat intelligence sharing and respond effectively to cyber incidents, particularly those targeting critical infrastructure. See commentary by Dark Reading.

Anthropic Implements Stricter Safeguards for New AI Model Amid Biosecurity Concerns: Anthropic has released Claude Opus 4, its most advanced AI model, under heightened safety measures due to concerns it could assist in bioweapons development. Internal testing indicated that the model significantly outperformed earlier versions in guiding potentially harmful activities. As a result, Anthropic activated its Responsible Scaling Policy, applying stringent safeguards including enhanced cybersecurity and anti-jailbreak measures. The Responsible Scaling Policy includes AI Safety Level 3 (ASL-3) measures, such as prompt classifiers to detect harmful queries, a bounty program for vulnerability detection, and enhanced monitoring to prevent misuse of the AI model. See Anthropic News.

Russian Hackers Target Western Firms Supporting Ukraine, U.S. Intelligence Reports: Hackers affiliated with Russian military intelligence have been targeting Western technology, logistics, and transportation firms involved in aiding Ukraine. The cyber campaign sought to obtain intelligence on military and humanitarian aid shipments, using tactics like spearphishing and exploiting vulnerabilities in small office and home networks. Over 10,000 internet-connected cameras near Ukrainian borders and other key transit points were targeted. The attackers, linked to the group "Fancy Bear," employed advanced persistent threat (APT) techniques, including the exploitation of unsecured IoT devices and spearphishing campaigns, to infiltrate networks and gather intelligence on aid logistics. See the NSA report (PDF).

This week's blogs

MITRE ATT&CK - Explained: This comprehensive guide breaks down the MITRE ATT&CK framework, detailing its components such as tactics, techniques, and procedures. It also compares ATT&CK with the Cyber Kill Chain model, highlighting how ATT&CK provides a more flexible approach to understanding adversary behaviors across different platforms.

Understanding the use cases of the MITRE ATT&CK Framework: Tailored for newcomers, this blog offers a step-by-step approach to utilizing the MITRE ATT&CK framework. It emphasizes the benefits of integrating ATT&CK into cybersecurity practices, such as improved threat detection, incident management, and communication among security professionals.

Integrating MITRE ATT&CK with SIEM Tools: This article explores how to integrate the MITRE ATT&CK framework with Security Information and Event Management (SIEM) systems, specifically Microsoft Sentinel. It discusses features like the MITRE ATT&CK Blade, rule creation, and tagging, providing insights into enhancing detection and response capabilities.

Demystifying the MITRE ATT&CK Framework: This blog offers a clear explanation of the MITRE ATT&CK framework, discussing its role in understanding cyber-attack patterns and applying appropriate mitigation strategies. It emphasizes the framework's value in improving an organization's cybersecurity posture and adapting to evolving threats.

Upcoming events for _secpros this year

Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!

DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.

Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.

Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.

Austin Miller
25 Oct 2024
9 min read

#174: Hacked Back

A busy week for the SEC makes for excellent news

Welcome to another _secpro!

It can be hard to know what to believe when it comes to the internet. Not only are the various stories sometimes obviously contradictory, but they might also be written by people who have an interest in presenting contradictory stories to drive up engagement. With that in mind, here are some talking heads the Editor thinks you can rely on (Editor: along with, of course, the Editor...).

Bruce Schneier dispelled exaggerated claims about China breaking modern encryption and highlighted concerns over AI use in whistleblower programs influencing stock markets. He also discussed the indictment of a CEO for security certification fraud and detailed an Israeli operation sabotaging Hezbollah’s communication devices. Meanwhile, Cisco reported a denial-of-service vulnerability in its VPN services, and LinkedIn was fined €310 million by the Irish Data Protection Commission for privacy violations. FortiGuard Labs identified a critical vulnerability in FortiManager software, while new ransomware (Qilin.B) with enhanced evasion tactics was documented by Halcyon. Additionally, Brazil arrested a cybercriminal involved in breaches of sensitive U.S. data, and the SEC charged companies for misleading cybersecurity disclosures.

Check out _secpro premium

As always, make sure to check out the templates, podcasts, and other stuff on our Substack and access the very best that we have to offer. You might even learn something!

Cheers!
Austin Miller
Editor-in-Chief

News Bytes

Bruce Schneier - No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer: "The headline is pretty scary: “China’s Quantum Computer Scientists Crack Military-Grade Encryption.” No, it’s not true. This debunking saved me the trouble of writing one. It all seems to have come from this news article, which wasn’t bad but was taken widely out of proportion. Cryptography is safe, and will be for a long time."

Bruce Schneier - AI and the SEC Whistleblower Program: "Whistleblowing firms can also use the information they uncover to guide market investments by activist short sellers. Since 2006, the investigative reporting site Sharesleuth claims to have tanked dozens of stocks and instigated at least eight SEC cases against companies in pharma, energy, logistics, and other industries, all after its investors shorted the stocks in question. More recently, a new investigative reporting site called Hunterbrook Media and partner hedge fund Hunterbrook Capital, have churned out 18 investigative reports in their first five months of operation and disclosed short sales and other actions alongside each. In at least one report, Hunterbrook says they filed an SEC whistleblower tip."

Bruce Schneier - Justice Department Indicts Tech CEO for Falsifying Security Certifications: The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business.

Bruce Schneier - More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies: "The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here). The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was a former Middle East sales representative for the Taiwanese firm who had established her own company and acquired a license to sell a line of pagers that bore the Apollo brand. Sometime in 2023, she offered Hezbollah a deal on one of the products her firm sold: the rugged and reliable AR924."

Cisco - Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Brute Force Denial of Service Vulnerability: "A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service... An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service."

(Irish) Data Protection Agency - Irish Data Protection Commission fines LinkedIn Ireland €310 million: The inquiry examined LinkedIn’s processing of personal data for the purposes of behavioural analysis and targeted advertising of users who have created LinkedIn profiles (members). The decision, which was made by the Commissioners for Data Protection, Dr Des Hogan and Dale Sunderland, and notified to LinkedIn on 22 October 2024, concerns the lawfulness, fairness and transparency of this processing. The decision includes a reprimand, an order for LinkedIn to bring its processing into compliance, and administrative fines totalling €310 million.

FortiGuard Labs - Missing authentication in fgfmsd: A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. Reports have shown this vulnerability to be exploited in the wild.

Halcyon - New Qilin.B Ransomware Variant Boasts Enhanced Encryption and Defense Evasion: Researchers at anti-ransomware solutions provider Halcyon have documented a new version of the Qilin ransomware payload dubbed Qilin.B for tracking. According to the Power Rankings: Ransomware Malicious Quartile report, Qilin (aka Agenda) is a ransomware-as-a-service (RaaS) operation that emerged in July of 2022 that can target both Windows and Linux systems. Qilin operations include data exfiltration for double extortion.

Krebs on Security - Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach: "Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being “USDoD,” a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI’s InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population."

Krebs on Security - The Global Surveillance Free-for-All in Mobile Ad Data: "Not long ago, the ability to digitally track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a dangerous power that should remain only within the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites..."

SEC - SEC Charges Four Companies With Misleading Cyber Disclosures: The charges against the four companies result from an investigation involving public companies potentially impacted by the compromise of SolarWinds’ Orion software and by other related activity. “As today’s enforcement actions reflect, while public companies may become targets of cyberattacks, it is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures about the cybersecurity incidents they have encountered,” said Sanjay Wadhwa, Acting Director of the SEC’s Division of Enforcement.

Tenable - CVE-2024-8260: SMB Force-Authentication Vulnerability in OPA Could Lead to Credential Leakage: Tenable Research discovered an SMB force-authentication vulnerability in Open Policy Agent (OPA) that is now fixed in the latest release of OPA. The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server's local user account to a remote server, potentially allowing the attacker to relay the authentication or crack the password. The vulnerability affected both the OPA CLI (Community and Enterprise editions) and the OPA Go SDK.

This week's tools

goliate/hidden-tear: It's a ransomware-like file crypter sample which can be modified for specific purposes. Simples.

ncorbuk/Python-Ransomware: A Python Ransomware Tutorial with a YouTube tutorial explaining code and showcasing the ransomware with victim/target roles.

ForbiddenProgrammer/conti-pentester-guide-leak: Leaked pentesting manuals given to Conti ransomware crooks.

codesiddhant/Jasmin-Ransomware: Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

Upcoming events for _secpros

SecTor (October 23rd-26th): SecTor is renowned for bringing together international experts to discuss underground threats and corporate defenses. This cyber security conference offers a unique opportunity for IT security professionals, managers, and executives to connect and learn from experienced mentors. This year, SecTor introduces the ‘Certified Pentester’ program, including a full-day practical examination, adding to the event’s educational offerings.

LASCON 2024 (October 24-25th): The Lonestar Application Security Conference (LASCON) is an annual event in Austin, TX, associated with OWASP, gathering 400+ web app developers, security engineers, mobile developers, and infosec professionals. Being in Texas, home to numerous Fortune 500 companies, and located in Austin, a startup hub, LASCON attracts leaders, security architects, and developers to share innovative ideas, initiatives, and technology advancements in application security.

SANS HackFest Hollywood 2024 (October 29th): Choose Your Experience: In-Person or Live Online - whether you're planning to dive into the full HackFest experience in Hollywood, or the free, curated content offered Live Online, you'll walk away with new tools, techniques, and connections that will have a lasting impact on your career.

ODSC West 2024 (October 29th): "Since 2015, ODSC has been the essential event for AI and data science practitioners, business leaders, and those reskilling into AI. It offers cutting-edge workshops, hands-on training, strategic insights, and thought leadership. Whether deepening technical skills, transforming a business with AI, or pivoting into an AI-driven career, ODSC provides unparalleled opportunities for learning, networking, and professional growth."

Austin Miller
16 May 2025
7 min read

#198: Armed with Deepfakes, Script Interpreters, and Cybergeopolitics

A look at the week gone by

Welcome to another _secpro!

For all of you who attended the RSA Conference, we hope you had a great time getting up to scratch with the goings on in this industry. Got something to share? Reply to this email and tell us about your thoughts. This week's issue contains:

- AI-Generated Law
- Google’s Advanced Protection Now on Android
- Another Move in the Deepfake Creation/Detection Arms Race
- Japan Enacts Active Cyberdefence Law to Counter Foreign Threats
- Dior Suffers Data Breach Exposing Customer Information
- U.S. House GOP Proposal to Block State AI Laws Raises Cybersecurity Concerns
- Navvis and SSM Health Agree to $6.5M Settlement Over Data Breach
- Indian Government Warns of Cyber Threats Post Ceasefire with Pakistan
- Maharashtra Appoints First Female Cyber Commando

Check out _secpro premium

Cheers!
Austin Miller
Editor-in-Chief

MITRE ATT&CK #2: T1059
Understanding "Command and Scripting Interpreter" exploitation. Read the rest here!

RSA Conference 2025 – Navigating the New Cyber Frontier
A reflection on this year's events. Read the rest here!

News Bytes

AI-Generated Law: On April 14, Dubai’s ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to “regularly suggest updates” to the law and “accelerate the issuance of legislation by up to 70%.” AI would create a “comprehensive legislative plan” spanning local and federal law and would be connected to public administration, the courts, and global policy trends. From Bruce Schneier.

Google’s Advanced Protection Now on Android: Google has extended its Advanced Protection features to Android devices. It’s not for everybody, but something to be considered by high-risk users. From Bruce Schneier.

Another Move in the Deepfake Creation/Detection Arms Race: Deepfakes are now mimicking heartbeats. In a nutshell: Recent research reveals that high-quality deepfakes unintentionally retain the heartbeat patterns from their source videos, undermining traditional detection methods that relied on detecting subtle skin color changes linked to heartbeats; the assumption that deepfakes lack physiological signals, such as heart rate, is no longer valid. This challenges many existing detection tools, which may need significant redesigns to keep up with the evolving technology; to effectively identify high-quality deepfakes, researchers suggest shifting focus from just detecting heart rate signals to analyzing how blood flow is distributed across different facial regions, providing a more accurate detection strategy. From Bruce Schneier.

Japan Enacts Active Cyberdefence Law to Counter Foreign Threats: Japan has passed the Active Cyberdefence Law, empowering its government to proactively monitor and counter cyber threats, including those from foreign actors. The legislation allows for the surveillance of foreign IP communications and authorizes offensive cyber actions by law enforcement and the Self-Defense Forces, marking a significant shift in Japan's cybersecurity posture. See DIESEC's analysis here.

Dior Suffers Data Breach Exposing Customer Information: Luxury fashion brand Dior confirmed a cyberattack that compromised customer data, including names, contact details, and purchase histories. The breach, which did not affect financial information, was disclosed on Dior's South Korean website, with affected customers also reportedly contacted in China.

U.S. House GOP Proposal to Block State AI Laws Raises Cybersecurity Concerns: A Republican-led initiative in the U.S. House aims to impose a 10-year moratorium on state-level AI regulations, intending to create a unified federal framework. However, cybersecurity experts warn that this could weaken consumer protections and data privacy safeguards, especially in the absence of comprehensive federal legislation.

Navvis and SSM Health Agree to $6.5M Settlement Over Data Breach: Healthcare providers Navvis and SSM Health have agreed to a $6.5 million settlement following a 2023 data breach that exposed sensitive patient information. Affected individuals may receive up to $7,000 in compensation, depending on the extent of their losses, and are eligible for two years of free credit monitoring.

Indian Government Warns of Cyber Threats Post Ceasefire with Pakistan: Following a recent ceasefire between India and Pakistan, the Indian government has issued advisories highlighting potential cyber threats. Officials are urged to remain vigilant, as cyber operations and espionage activities may continue despite the cessation of active hostilities.

Maharashtra Appoints First Female Cyber Commando: Assistant Inspector Rupali Bobade of the Sangli Cyber Cell has become Maharashtra’s first female "cyber commando" after completing a rigorous six-month national training program. This initiative aims to strengthen India's digital security infrastructure by training 5,000 officers over five years.

This week's tools

ATT&CK Splunk Add-on (as part of Attack Range): This Splunk-supported environment is designed for testing and training based on real-world attack scenarios. It leverages MITRE ATT&CK to simulate threats and includes preconfigured Splunk dashboards and detections for ATT&CK techniques, offering a lab-like setting for defenders to hone their response strategies.

ATT&CK Navigator: ATT&CK Navigator is a web-based tool for visualizing and annotating MITRE ATT&CK matrices. It allows analysts to overlay data like detection coverage, threat actor usage, or red/blue team test results to better understand where gaps exist in detection or mitigation strategies.

Caldera: Caldera is an automated adversary emulation system designed to evaluate the effectiveness of cyber defense tools and processes. It uses the MITRE ATT&CK framework to model adversary behavior and execute post-compromise techniques, allowing blue teams to validate detection and response capabilities.

Detection Rules: Detection Rules is a collection of threat detection rules for use with Elastic Security. These rules are directly mapped to MITRE ATT&CK techniques and tactics, enabling high-fidelity detection of adversarial behavior in environments monitored by the Elastic Stack (Elasticsearch, Kibana, etc.).

Upcoming events for _secpros this year

Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!

DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.

Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.

Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.
Austin Miller
06 Jun 2025
7 min read

#201: Anarchy in the CyberUK

A look at the issues

Web Devs: Turn Your Knowledge Into Income
Build the knowledge base that will enable you to collaborate with AI for years to come.
- 💰 Competitive pay structure
- ⏰ Ultimate flexibility
- 🚀 Technical requirements (no AI experience needed)
Weekly payouts + remote work: the developer opportunity you've been waiting for! The flexible tech side hustle paying up to $50/hour. Apply now!

Welcome to another _secpro!

For everyone who won a prize from our last issue, you will receive an email this week to roll out an offer. Keep your eyes open and we'll arrange your gift! This week's issue contains:
- New Linux Vulnerabilities (Schneier)
- Microsoft Offers Free Cybersecurity Support to European Governments
- One-Third of U.S. Cybersecurity Agency Staff Depart Amid Budget Cuts
- Infosecurity Europe 2025 Highlights Emerging Cyber Threats
- Victoria's Secret Shuts Down Website Following Cyberattack
- Google Uncovers Vishing Campaign Targeting Salesforce Users
- Dell Addresses Critical Vulnerabilities in PowerScale OneFS
- PentestGPT: An LLM-empowered Automatic Penetration Testing Tool
- Enhancing Cybersecurity Resilience Through Advanced Red-Teaming Exercises and MITRE ATT&CK Framework Integration
- Offense For Defense: The Art and Science of Cybersecurity Red Teaming

Check out _secpro premium

Cheers!
Austin Miller
Editor-in-Chief

This week's articles

CyberUK 2025: Building Resilience in a Shifting Cyber Landscape
A retrospective on the UK's biggest event so far this year. CyberUK 2025, held in Manchester from May 6–8, brought together over 2,000 cybersecurity professionals, policymakers, and industry leaders to tackle the pressing challenges facing the UK's digital landscape. Organized by the National Cyber Security Centre (NCSC), this year's conference centered on the theme "Transforming Resilience. Countering Threats." Get up to speed.

AI GRC
Join Hemang as he sketches out the issues for GRC in the age of AI. This was our premium expert article for _secpro last month, so make sure to sign up on Substack and find out everything we have to offer! Check it out now!

Reflecting on MITRE ATT&CK
Making our way through MITRE ATT&CK's top ten most exploited techniques over the last 10 weeks has been fun. We're almost ready to dive into the most exploited T-number, but we thought it'd be good to stop and smell the adversarial roses for a minute first and make sure you've been paying attention. These T-numbers are on the test, so go back and check out #10 through #2 in the list below:
- #1: T1055
- #2: T1059
- #3: T1333
- #4: T1071
- #5: T1562
- #6: T1486
- #7: T1082
- #8: T1547
- #9: T1506
- #10: T1005
We have five copies of Glen Singh's Kali Linux book to give away. Leave a comment in order to win a virtual copy! And now, here is our number one...

News Bytes

New Linux Vulnerabilities (Schneier): Tracked as CVE-2025-5054 and CVE-2025-4598, both are race-condition bugs that could let a local attacker read sensitive information. The affected tools, Apport and systemd-coredump, handle crash reporting and core dumps on Linux systems.

Microsoft Offers Free Cybersecurity Support to European Governments: Microsoft has launched a new initiative to provide European governments with free cybersecurity support aimed at strengthening defenses against increasingly sophisticated cyber threats, including those powered by artificial intelligence (AI).

One-Third of U.S. Cybersecurity Agency Staff Depart Amid Budget Cuts: Since the beginning of President Trump's second term, approximately one-third of the workforce at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has left, significantly weakening one of the country's key defenses against cyber threats.

Infosecurity Europe 2025 Highlights Emerging Cyber Threats: Infosecurity Europe 2025, held at the ExCeL in London, marked its 30th anniversary with a focus on "Building a Safer Cyber World". Keynote speakers addressed evolving cyber threats, the impact of quantum and AI technologies, and the geopolitical dimensions of cybersecurity.

Victoria's Secret Shuts Down Website Following Cyberattack: Victoria's Secret has temporarily shut down its online operations following a suspected cyberattack, although its physical retail stores continue to operate normally. The company has engaged third-party cybersecurity experts to investigate the breach.

Google Uncovers Vishing Campaign Targeting Salesforce Users: Google has disclosed details of a financially motivated threat cluster that specializes in voice phishing (vishing) campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion.

Dell Addresses Critical Vulnerabilities in PowerScale OneFS: Dell Technologies has released a critical security advisory addressing multiple flaws in PowerScale OneFS. The most severe allows unauthenticated remote attackers to access and manipulate the file system.

This week's academia

PentestGPT: An LLM-empowered Automatic Penetration Testing Tool: This paper introduces PentestGPT, an automated penetration testing tool powered by Large Language Models (LLMs). The study evaluates the performance of LLMs on real-world penetration testing tasks and presents a benchmark built from test machines. The findings show that while LLMs do well on specific sub-tasks, they struggle to maintain an integrated understanding of the overall testing scenario. PentestGPT addresses this with three self-interacting modules, each handling individual sub-tasks to mitigate context loss.

Enhancing Cybersecurity Resilience Through Advanced Red-Teaming Exercises and MITRE ATT&CK Framework Integration: This study presents an approach to red-teaming that integrates the MITRE ATT&CK framework. By leveraging real-world attacker tactics and behaviors, the integration creates realistic scenarios that rigorously test defenses and uncover previously unidentified vulnerabilities. The evaluation reports improved realism and effectiveness in red-teaming, leading to better vulnerability identification and actionable insights for proactive remediation.

Offense For Defense: The Art and Science of Cybersecurity Red Teaming: This article covers the methodologies, tools, techniques, and strategies employed in red teaming, emphasizing the planning practices that underpin successful engagements. It highlights the strategic application of cyber deception techniques, such as honeypots and decoy systems, to enhance an organization's threat identification and response capabilities. The piece underscores the importance of continuously improving and adapting strategies in response to evolving threats and technologies.

Upcoming events for _secpros this year

Here are the conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!

DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.

Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in the technical aspects of cybersecurity.

Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.
#203: Spying on the Kill Chain

Austin Miller
27 Jun 2025
6 min read
A look at the issues

Your business runs on data. But how do you know if it's reliable? Find out how to leverage Twilio Segment to collect and activate reliable data for smarter decision-making. We know you run your business on data, so you had better be able to depend on it. Twilio Segment was purpose-built so that you don't have to worry about your data. Forget the data chaos, dissolve the silos between teams and tools, and bring your data together with ease, so that you can spend more time innovating and less time integrating. Learn more.

Welcome to another _secpro!

This week, we're moving on to the Cyber Kill Chain and making it clear how we can apply the framework in the average day-to-day workings of a secpro. We've collected a range of useful insights and academic papers to keep you going, so scroll down and check them out!

Check out _secpro premium

Cheers!
Austin Miller
Editor-in-Chief

Pinterest, Tinder, Meta speaking at DeployCon GenAI Summit!
DeployCon is a free, no-fluff, engineer-first summit for builders on the edge of production AI, and you're on the guest list. On June 25 Predibase is taking over the AWS Loft in San Francisco and streaming online for a day of candid technical talks and war stories from the teams that ship large-scale AI.
- In-person @ AWS GenAI Loft, San Francisco: June 25, 9:30AM–2:00PM PT. Coffee, lightning talks, and lunch with the AI infra community. The event is free, but space is limited, so register now. Reserve your seat.
- Live stream, wherever you are: can't make it to SF? Join virtually and get the same expert content, live. June 25, 10:30AM–1:30PM PT. Reserve your seat.

This week's articles

Reconnaissance and the Cyber Kill Chain
And here we go! Now that we're done with MITRE ATT&CK, we're moving on to Lockheed Martin's Cyber Kill Chain. This week, a general introduction before we move on to the important moving parts of the approach. Set up to start.

AI GRC
Join Hemang as he sketches out the issues for GRC in the age of AI. This was our premium expert article for _secpro last month, so make sure to sign up for premium on Substack and find out everything we have to offer! Check it out now!

News Bytes

Check out Krebs' coverage of this month's Patch Tuesday!

Brian Krebs survives a record ~6.3 Tbps DDoS via Aisuru IoT botnet: Krebs reports an unprecedented DDoS attack on his site, peaking at ~6.3 Tbps over 45 seconds and orchestrated by a new IoT botnet dubbed "Aisuru", one of the largest volumetric attacks to date.

Suspected Russian Hackers Use Advanced Phishing on UK Researcher: Reuters reports that Russian government-linked threat actors impersonated a U.S. State Department official over two weeks, using highly polished emails, potentially written with AI, to trick Chatham House researcher Keir Giles into handing over an app-specific password. This highlights a new level of sophistication in phishing campaigns.

Breaking Down the Latest Patch Tuesday Report by the SecMaster: "Microsoft has released its June 2025 Patch Tuesday security updates, addressing 66 vulnerabilities across Windows, Office, Exchange Server, Azure, Visual Studio, and other products. This includes fixes for two zero-day vulnerabilities, with one being actively exploited in the wild."

Australia Requires Ransomware Victims to Declare Payments: "A new Australian law requires larger companies to declare any ransomware payments they have made."

Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet: Trend Micro reports active exploitation of a critical flaw (CVE-2025-3248) in Langflow versions before 1.3.0, delivering the Flodrix botnet for system compromise, DDoS, and data exfiltration. Reported June 17.

Race-condition flaws CVE-2025-5054 & CVE-2025-4598 leak core dump data: Qualys TRU uncovered two local information-leak bugs in Linux crash-report tools, Apport (Ubuntu) and systemd-coredump (RHEL/Fedora). Both can expose sensitive data (even /etc/shadow) via race conditions. Users are urged to patch or, in the meantime, disable core dumps of SUID programs.

This week's academia

Impact of AI on the Cyber Kill Chain: A Systematic Review (Heliyon, 2024): A systematic literature review of 62 studies (2013–2023) examining how AI tools bolster attackers in the early kill-chain stages and highlighting defense gaps, with suggestions for AI-aware defenses.

Technical Aspects of Cyber Kill Chain (arXiv, 2016): A foundational paper outlining the methodologies, tools, and techniques attackers use at each of the seven stages of the Cyber Kill Chain, helpful for researchers developing defensive strategies.

A Cyber Kill Chain Based Taxonomy of Banking Trojans (arXiv, 2018): This study develops a CKC-based taxonomy specifically for banking Trojans and validates it using 127 real-world samples, aiding the design of stage-targeted detection and mitigation strategies.

Upcoming events for _secpros this year

Here are the conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!

DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.

Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in the technical aspects of cybersecurity.

Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.
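A practical check for the Apport / systemd-coredump bugs covered in this issue's News Bytes (and in #201 above): both handlers only become a problem when the kernel hands them dumps of privileged (setuid) processes, and the interim mitigation Qualys describes is to switch that off with `fs.suid_dumpable=0` until the handler is patched. The script below is an added example, not code from the newsletter, from Qualys or from either distribution. It reads a text snapshot of `sysctl` output rather than the live host so it runs anywhere; the two snapshots are constructed for the example and only mirror the usual shape of these settings (a pipe to the handler in `kernel.core_pattern`, paired with `fs.suid_dumpable=2`), not captured hosts.

```python
"""Audit a host's core-dump handling for the Apport / systemd-coredump
race-condition leaks (CVE-2025-5054, CVE-2025-4598).

Added example; not code from the newsletter, Qualys or either distribution.
It parses a text snapshot of `sysctl` output so it can run offline; the two
snapshots below are constructed for the example, not captured from real hosts.
"""
from dataclasses import dataclass
from typing import Optional

# Crash handlers named in the advisory. core_pattern pipes dumps to one of them.
CRASH_HANDLERS = ("apport", "systemd-coredump")

# Constructed snapshots of `sysctl kernel.core_pattern fs.suid_dumpable`.
# Pipe handlers are normally paired with fs.suid_dumpable=2 so that crashes of
# privileged programs are reported too; that is exactly what the bugs abuse.
UBUNTU_SAMPLE = """\
kernel.core_pattern = |/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -- %E
fs.suid_dumpable = 2
"""
HARDENED_SAMPLE = """\
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h
fs.suid_dumpable = 0
"""


@dataclass
class CoreDumpPosture:
    core_pattern: str
    suid_dumpable: int

    @property
    def handler(self) -> Optional[str]:
        """Name of the crash handler core dumps are piped to, or None."""
        if not self.core_pattern.startswith("|"):
            return None  # dumps are written to a file, not handed to a helper
        program = self.core_pattern[1:].split()[0]
        for name in CRASH_HANDLERS:
            if program == name or program.endswith("/" + name):
                return name
        return None

    @property
    def exposed(self) -> bool:
        """True when one of the affected handlers receives dumps of setuid
        processes. With fs.suid_dumpable=0 the kernel never dumps a process
        that changed credentials, so the handler has nothing to race on."""
        return self.handler is not None and self.suid_dumpable != 0


def parse_sysctl(snapshot: str) -> CoreDumpPosture:
    """Parse `key = value` lines as printed by sysctl(8)."""
    values = {}
    for line in snapshot.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            values[key.strip()] = value.strip()
    return CoreDumpPosture(
        core_pattern=values.get("kernel.core_pattern", "core"),
        suid_dumpable=int(values.get("fs.suid_dumpable", "0")),
    )


def assess(snapshot: str) -> dict:
    """Summarise the posture and the interim fix to apply."""
    posture = parse_sysctl(snapshot)
    report = {
        "handler": posture.handler,
        "suid_dumpable": posture.suid_dumpable,
        "exposed": posture.exposed,
        "remediation": None,
    }
    if posture.exposed:
        # Immediate: `sysctl -w fs.suid_dumpable=0`. Persistent: the same line
        # in a drop-in under /etc/sysctl.d/. Patching the handler is the real
        # fix; this only removes the privileged dumps the race needs.
        report["remediation"] = "fs.suid_dumpable = 0"
    return report


if __name__ == "__main__":
    for label, snap in (("ubuntu-like", UBUNTU_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(label, assess(snap))
```

To run it against a real host, feed it the output of `sysctl kernel.core_pattern fs.suid_dumpable`. Note that the check is deliberately narrow: a `core_pattern` that writes files rather than piping to a handler is reported as not exposed to these two bugs even with `fs.suid_dumpable=2`, which is a separate hardening question.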
#200: The Bicentennial Giveaway!

Austin Miller
30 May 2025
6 min read
A look at 200 issues

Train your own R1 reasoning model with Unsloth
You can now run and fine-tune Qwen3 and Meta's new Llama 4 models with 128K context length and superior accuracy. Unsloth is an open-source project that allows easy fine-tuning of LLMs and also uploads accurately quantized models to Hugging Face. Check it out on GitHub! Unsloth's new Dynamic 2.0 quants outperform other quantization methods on 5-shot MMLU and KL-divergence benchmarks, meaning you can now run and fine-tune quantized LLMs while preserving as much precision as possible. Tutorial for running Qwen3 here. Tutorial for running Llama 4 here. Take a look!

A look at the past 200 issues

Welcome to another _secpro!

200 issues! Where does the time go? We're here providing the same usual content that we always do, but we ask our readers to also check out the _secpro archive on Substack for a walk down memory lane, or an exciting dive into what you missed before you subscribed. This week's issue contains:
- AI Chatbots Enhance Phishing Email Sophistication
- U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud
- ConnectWise Breached in Cyberattack Linked to Nation-State Hackers
- PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
- Earth Lamia Develops Custom Arsenal to Target Multiple Industries
- China-Linked Hackers Exploit Google Calendar in Cyberattacks on Governments
- PentestGPT: An LLM-empowered Automatic Penetration Testing Tool
- Enhancing Cybersecurity Resilience Through Advanced Red-Teaming Exercises and MITRE ATT&CK Framework Integration
- Offense For Defense: The Art and Science of Cybersecurity Red Teaming

Check out _secpro premium

Cheers!
Austin Miller
Editor-in-Chief

Reflecting on MITRE ATT&CK
Making our way through MITRE ATT&CK's top ten most exploited techniques over the last 10 weeks has been fun. We're almost ready to dive into the most exploited T-number, but we thought it'd be good to stop and smell the adversarial roses for a minute first and make sure you've been paying attention. These T-numbers are on the test, so go back and check out #10 through #2 in the list below:
- #2: T1059
- #3: T1333
- #4: T1071
- #5: T1562
- #6: T1486
- #7: T1082
- #8: T1547
- #9: T1506
- #10: T1005
We have five copies of Glen Singh's Kali Linux book to give away. Leave a comment in order to win a virtual copy! And now, here is our number one...

#1: T1055
Check it out here!

News Bytes

AI Chatbots Enhance Phishing Email Sophistication: AI chatbots like ChatGPT are making scam emails harder to detect thanks to their flawless grammar and human-like tone, enabling more sophisticated phishing schemes. This evolution demands new detection strategies centred on user vigilance and corporate preemptive measures. See also: Zscaler ThreatLabz 2025 Phishing Report.

U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud: The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing the infrastructure behind romance baiting scams that led to massive cryptocurrency losses. See also: Understanding Romance Scams and Cryptocurrency Fraud.

ConnectWise Breached in Cyberattack Linked to Nation-State Hackers: ConnectWise, the developer of the remote access and support software ScreenConnect, has disclosed that it was the victim of a cyberattack that it said was likely perpetrated by a nation-state threat actor.

PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto: Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to brute-force SSH instances to expand in size and scale and to deliver additional malware to the infected hosts.

Earth Lamia Develops Custom Arsenal to Target Multiple Industries: A Chinese threat actor group known as Earth Lamia has been actively exploiting known vulnerabilities in public-facing web applications to compromise organizations across sectors such as finance, government, IT, logistics, retail, and education.

China-Linked Hackers Exploit Google Calendar in Cyberattacks on Governments: China-linked hackers are exploiting Google Calendar in cyberattacks on governments, using the platform to deliver malicious links and coordinate attacks, which highlights the need for closer monitoring of cloud-based services. See also: Securing Cloud-Based Collaboration Tools.

This week's academia

PentestGPT: An LLM-empowered Automatic Penetration Testing Tool: This paper introduces PentestGPT, an automated penetration testing tool powered by Large Language Models (LLMs). The study evaluates the performance of LLMs on real-world penetration testing tasks and presents a benchmark built from test machines. The findings show that while LLMs do well on specific sub-tasks, they struggle to maintain an integrated understanding of the overall testing scenario. PentestGPT addresses this with three self-interacting modules, each handling individual sub-tasks to mitigate context loss.

Enhancing Cybersecurity Resilience Through Advanced Red-Teaming Exercises and MITRE ATT&CK Framework Integration: This study presents an approach to red-teaming that integrates the MITRE ATT&CK framework. By leveraging real-world attacker tactics and behaviors, the integration creates realistic scenarios that rigorously test defenses and uncover previously unidentified vulnerabilities. The evaluation reports improved realism and effectiveness in red-teaming, leading to better vulnerability identification and actionable insights for proactive remediation.

Offense For Defense: The Art and Science of Cybersecurity Red Teaming: This article covers the methodologies, tools, techniques, and strategies employed in red teaming, emphasizing the planning practices that underpin successful engagements. It highlights the strategic application of cyber deception techniques, such as honeypots and decoy systems, to enhance an organization's threat identification and response capabilities. The piece underscores the importance of continuously improving and adapting strategies in response to evolving threats and technologies.

Upcoming events for _secpros this year

Here are the conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!

DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.

Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in the technical aspects of cybersecurity.

Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.
#207: Child Cyber-Soldiers?

Austin Miller
18 Jul 2025
8 min read
Moving up the Cyber Kill Chain

Need something to read?
Develop foundational skills in ethical hacking and penetration testing while getting ready to pass the certification exam. With cyber threats continually evolving, understanding the trends and using the tools deployed by attackers to find the vulnerabilities in your own systems can help secure your applications, networks, and devices. To outmatch attacks, developing an attacker's mindset is a necessary skill, and one you can hone with the help of the Certified Ethical Hacker 312-50 Exam Guide.
- Learn how to look at technology from the standpoint of an attacker
- Understand the methods that attackers use to infiltrate networks
- Prepare to take and pass the exam in one attempt with the help of hands-on examples and mock tests
Check it out today!

A look at the issues

Welcome to another _secpro!

Newsflash for those who missed it: Scattered Spider, the group tied to a series of high-profile intrusions that have raised fresh concerns about identity-based attacks and about how fast threat actors are adapting, has been linked to a number of arrests in the UK. A number of young people have allegedly been involved with the cyber-gang, leading to arrests of 18, 19, and 21 year olds across England. As with the LAPSUS$ gang of yesteryear, it looks like another case of "innovative" young people turning to quick and dirty tactics and techniques to cause maximal damage.

To get my fuller reflections on the case as it unfolds, check out this week's premium issue in the link below.

Check out _secpro premium

But, before we get bogged down in that, there's a whole newsletter still to go! Check out this week's articles, news, academic insights, and a few other little treats. If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!

Cheers!
Austin Miller
Editor-in-Chief

Time for a survey
We're hoping to roll out some new features in the next few weeks, but we need your input. Check out the survey below and win a free month of _secpro premium! Check out the survey!

This week's articles

Weaponization in the Cyber Kill Chain
Before attackers can steal data, lock up systems, or pivot through a network, they need to get their malicious code to a target. That step is delivery. It's the moment the payload, often malware or a malicious script, is moved from the attacker's infrastructure into the environment of the target. Read the rest here!

How AI Is Changing the Ethical Hacking Game
Cybersecurity has always been a race between hackers and defenders. With AI in the mix, that race just got a whole lot faster. Today's hackers are using artificial intelligence to speed up their attacks, identify new vulnerabilities, and automate decision-making. That means defenders have to be just as smart, if not smarter. In CEH v13, AI is no longer a side note. It's now a core part of the modern ethical hacker's toolkit.

In the new edition of the Certified Ethical Hacker (CEH) v13: Exam 312-50 Guide, we've added entire sections in each chapter on AI-assisted hacking. You'll learn how hackers are training AI models to spot weak configurations, build deepfakes for social engineering, and evade detection tools. You'll also see how defenders can use AI to turn the tables: automating log analysis, simulating attacks, and identifying threats faster than ever before. Here's just a glimpse of what's inside:
- How ShellGPT helps automate information gathering and vulnerability detection
- Real-world examples of AI being used in phishing, malware development, and evasion
- What tools like Microsoft Security Copilot and other AI models are doing to reshape defensive security
This isn't just some guess about what might happen in the future; it's happening right now. The book helps you understand how to use these tools responsibly and ethically, all while staying within the CEH framework. Plus, it gets you ready for the CEH exam. Want to read the rest? Sign up for the premium.

News Bytes

"NVIDIAScape": Critical Privilege Escalation in NVIDIA Container Toolkit: A container escape flaw (CVE-2025-23266, dubbed NVIDIAScape) affects NVIDIA Container Toolkit 1.17.7 and earlier and GPU Operator 25.3.0 and earlier. An attacker exploiting it could escalate privileges inside AI cloud environments, potentially enabling data tampering, information leakage, or denial of service. This is a high-severity vulnerability (CVSS 9.0) for Kubernetes and AI inference workloads; patching should be prioritized across GPU-enabled clusters.

CERT-UA Details "LAMEHUG" Malware Using LLM-Driven Phishing (APT28): Ukraine's CERT-UA uncovered LAMEHUG, phishing-delivered malware that generates its commands with an LLM from description-based prompts. The toolkit is linked to the Russian-nexus group APT28. Phishing kits backed by LLMs allow dynamic payload generation, complicating detection and raising the sophistication of spearphishing campaigns.

Matanbuchus 3.0 Advancing Through Microsoft Teams Vector: Morphisec researchers dissected the Matanbuchus 3.0 loader, now being delivered through a Microsoft Teams vector. The updated loader shows improved evasion and stealth as a step towards further payloads such as Cobalt Strike. A malware-as-a-service loader delivered via collaboration tools signals growing risk to hybrid workplaces; detecting the lateral movement that follows is critical.

BlackSuit Ransomware: Hybrid Exfiltration & Encryption TTPs: Cybereason's July 11 BlackSuit report describes a ransomware operation employing dual tactics: data exfiltration followed by encryption. The post includes the infection chain, C2 communications, and IoCs. This hybrid approach means defenders must prepare for both extortion and data-breach contingencies, and deploy faster detection of exfiltration.

WordPress-to-NetSupport RAT Campaign via ClickFix Plugin: Another Cybereason alert (July 7) shows threat actors delivering NetSupport RAT through compromised WordPress sites using a "ClickFix" plugin. The chain includes SQL injection and an automated dropper. It highlights the growing exploitation of third-party CMS plugins to automate RAT installs, and the need for patching and allow-listing.

Qantas Breach Deep Dive + Patch Tuesday Zero-Day Trends: CISO Platform's July 9 internal report examines the Qantas breach (~5.7M customers via a third-party compromise), connecting it to Scattered Spider activity. It also analyzes Microsoft's Patch Tuesday, including one zero-day and 14 critical CVEs, and includes IoCs and recommended defensive tactics. It offers a high-level view of supply-chain risk (third-party breaches) and insight into patch-handling strategies after a zero-day Patch Tuesday.

This week's academia

"Certified Ethical Hacker Online Course – a Case Study" by Tam N. Nguyen: This study examines the instructional design of the CEH v10 online self-study course. It evaluates how well the course aligns with national instructional standards and peer-reviewed research on online education. The author highlights key design principles, such as community engagement, frequent quizzing, and feedback mechanisms, that are critical to learner success in preparing for the CEH exam. While it doesn't present raw pass-rate numbers, it focuses on educational best practices that improve learning outcomes and thereby CEH exam performance.

"An empirical analysis of ethical hacking" by S. Rafiq: This empirical study analyzes the role of the Certified Ethical Hacker certification in professionalizing ethical hacking. It traces the historical establishment of CEH, its legitimacy-building efforts, and the interplay between technical skill and ethical accreditation. The author argues that CEH aims to systematize "thinking like a hacker" and to formalize the reputation of ethical hackers in organizations. Though concrete pass-rate data isn't central, the paper provides context on how CEH functions as both a credential and a professional benchmark.

Upcoming events for _secpros this year

Here are the conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!

DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.

Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in the technical aspects of cybersecurity.

Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.

Check out the survey!
#206: First Class Delivery!

Austin Miller
11 Jul 2025
7 min read
Moving up the Cyber Kill Chain

Need something to read?

This week, we're taking a look at Mastering Palo Alto Networks by Tom Piens aka 'reaper'. The book is available for a knockdown price for a limited time, so don't miss out!

Unlock the full potential of Palo Alto Networks firewalls with expert insights and hands-on strategies for mastering next-gen security:
- Master Palo Alto Networks firewalls with hands-on labs and expert guidance
- Stay up to date with the latest features, including cloud and security enhancements
- Learn how to set up and leverage Strata Cloud Manager
- Purchase of the print or Kindle book includes a free PDF eBook

Check it out today!

#206: A look at the issues

Welcome to another _secpro!

It's been a busy few weeks for those of us wrestling with Scattered Spider.

Over the past two weeks, the hacker group (also tracked as UNC3944 or Muddled Libra) has ramped up attacks across major industries. They’ve been using social-engineering tricks—ringing up help desks or call centers, pretending to be employees and convincing staff to reset or add MFA devices. That’s the pathway they use to slip past security, move through networks, and grab sensitive data or deploy ransomware.

UK retail giants like M&S, Harrods, and Co‑Op have been hit in a wave of attacks, causing disruptions and steep financial losses. They quickly pivoted to U.S. insurance firms, and this week they’ve focused on aviation. At least Hawaiian Airlines and WestJet reported IT system incidents in late June, and most recently Qantas confirmed a breach of a third-party contact‑center platform tied to Scattered Spider tactics. That incident potentially exposed personal data of up to six million customers—names, emails, birthdates and frequent-flyer numbers—though no passports or credit card details were taken.

Check out _secpro premium

The FBI, Google/Mandiant, CrowdStrike and others issued warnings, flagging how the group targets entire industries in waves. Their method is low-tech but effective: exploit human trust to bypass tech defenses, then move laterally, extort data, and sometimes encrypt systems.

Impact on global industry has been significant—retail sales stalled, insurance providers scrambled, airlines huddled with cybersecurity teams and regulators. Stock prices dipped, and affected companies are now tightening vendor controls, reinforcing help-desk protocols, and training staff to question any out-of-the-blue IT requests. Here's to better days ahead...

Cheers!
Austin Miller
Editor-in-Chief

This week's articles

Delivery in the Cyber Kill Chain

Before attackers can steal data, lock up systems, or pivot through a network, they need to get their malicious code to a target. That step is delivery. It’s the moment the payload—often malware or a malicious script—is moved from the attacker’s infrastructure into the environment of the target.

Read the rest here!

News Bytes

“Mamona” – Minimalist, Offline Ransomware: Wazuh researchers have discovered a new Windows ransomware strain named Mamona, notable for its incredibly compact, self‑contained design. It encrypts files locally (adding a “.HAes” extension), delays execution using a ping trick, then self‑deletes—leaving minimal forensic traces. It doesn’t rely on C2 infrastructure, which makes detection via traditional network monitoring very difficult.

Shellter Elite Hijacked for Infostealer Campaigns: Elastic Security Labs reports that a leaked version of the Shellter Elite pentest tool has been abused by threat actors to deploy info‑stealer malware such as ArechClient2/Sectop RAT and Rhadamanthys. This underscores the risks when legitimate offensive‑security tools fall into malicious hands. Tool developers responded by tightening access controls and patching misused components.

Oyster Malware Loader Distributed via SEO Poisoning: Arctic Wolf reveals a campaign distributing the Oyster loader (aka Broomstick/CleanUpLoader) through fake, SEO‑optimized landing pages that mimic popular Windows utilities like PuTTY and WinSCP. Once installed, Oyster persists via scheduled tasks and delivers secondary payloads through DLL injection and obfuscated strings, communicating over HTTPS.

LummaC2 Targeting Critical Infrastructure: In a joint alert, CISA and the FBI spotlight LummaC2, a malware strain used in spear‑phishing campaigns against U.S. critical‑infrastructure organizations. Written to exfiltrate credentials, wallet data, MFA tokens, and more, LummaC2 employs obfuscation to evade detection and maintains persistence by mimicking benign API calls.

Calendarwalk – Google Calendar as C2: TeamT5 via Virus Bulletin reports on Calendarwalk, a sophisticated malware tied to APT41. It abuses Windows Workflow Foundation and uses Google Calendar events as a stealthy C2 channel. The malware includes obfuscated shellcode and integrates an AES‑encrypted Chatloader backdoor, indicating deep technical innovation and evasion.

Medusa Ransomware’s ABYSSWORKER Driver to Disable EDR: Elastic Security Labs has uncovered a novel Bring‑Your‑Own‑Vulnerable‑Driver (BYOVD) attack: Medusa ransomware used a revoked driver called smuol.sys (from the “ABYSSWORKER” family) to impersonate a legitimate CrowdStrike driver and disable anti‑malware protections. It was packaged via a paid packer service named HeartCrypt.

This week's academia

From Promise to Peril: Rethinking Cybersecurity Red and Blue Teaming in the Age of LLMs: This recent position paper examines how LLMs are transforming red and blue team operations. It explores how LLMs can enhance offensive capabilities—e.g., generating exploits and phishing content—while also bolstering defensive workflows like threat intelligence and root cause analysis. Abuadbba, Hicks, and the rest of the team balance LLM potential against limitations (hallucinations, context issues) and dual-use risks, and propose safeguards like human oversight and privacy-preserving measures.

Color Teams for Machine Learning Development: This 2021 arXiv article extends the familiar red/blue team concept into ML development workflows by introducing color-coded roles: Yellow (builders), Red (attackers), Blue (defenders), Orange, Green, and Purple teams. It outlines responsibilities across these roles and how combining them—especially Purple—creates more robust ML systems by integrating adversarial testing and defensive analysis throughout the pipeline.

Red Teaming with Artificial Intelligence‑Driven Cyberattacks: A Scoping Review: This review examines how AI is being leveraged in red team activities. The paper systematically surveys AI-assisted attack tools—from automated penetration tools to social-engineering automation—highlighting their implications for both red teams and blue team defenses. It underscores the growing threat and calls for defensive strategies that address intelligent, adaptive attacks.

Upcoming events for _secpros this year

Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!

DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.

Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.

Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.

Austin Miller
13 Jun 2025
5 min read

#202: The First Link in the Chain

#202: The First Link in the Chain

A look at the issues

Welcome to another _secpro!

This week, we're moving onto the Cyber Kill Chain and making it clear how we can apply the framework in the average day-to-day workings of a secpro. We've collected a range of useful insights and academic papers to keep you going, so scroll down and check them out!

Check out _secpro premium

Cheers!
Austin Miller
Editor-in-Chief

This week's articles

Understanding the Cyber Kill Chain

And here we go! Now that we're done with MITRE ATT&CK, we're moving onto Lockheed Martin's Cyber Kill Chain. This week, a general introduction before we move onto the important moving parts of the approach.

Set up to start

CyberUK 2025: Building Resilience in a Shifting Cyber Landscape

In case you missed it last week... A retrospective on the UK's biggest event so far this year. CyberUK 2025, held in Manchester from May 6–8, brought together over 2,000 cybersecurity professionals, policymakers, and industry leaders to tackle the pressing challenges facing the UK's digital landscape. Organized by the National Cyber Security Centre (NCSC), this year's conference centered around the theme “Transforming Resilience. Countering Threats.”

Get up to speed

AI GRC

Join Hemang as he sketches out the issues for GRC in the age of AI. This was our premium expert article for _secpro last month, so make sure to sign up for premium on Substack and find out everything we have to offer!

Check it out now!

News Bytes

Check out Krebs' coverage of this month's Patch Tuesday!

“EchoLeak” zero-click vulnerability in Microsoft 365 Copilot: A first-of-its-kind “zero-click” exploit, dubbed EchoLeak, was discovered in Microsoft 365 Copilot. It allows attackers to exfiltrate sensitive data without any user interaction—fully weaponizing AI agents. Microsoft has since issued a patch. Aim Security confirms this is the first weaponizable zero-click AI attacker chain.

GreyNoise uncovers coordinated brute‑force campaign targeting Apache Tomcat: GreyNoise Intelligence observed a sharp rise in brute-force login attempts—from hundreds of malicious IPs—aimed at Apache Tomcat Manager interfaces since June 5, indicating a likely precursor to exploitation.

Bruce Schneier exposes covert Android tracking via browser–app leaks: Schneier highlights research showing how Meta and Yandex leveraged unintended browser-app communication to covertly track Android users, converting ephemeral web tags into persistent app-level IDs. Both companies ceased the practice after disclosure.

Schneier testifies on AI-data exfiltration risks in U.S. government: During a House Oversight hearing on AI’s role in government, Schneier warned about “DOGE” agency affiliates exfiltrating large datasets from federal systems to feed AI tools—raising serious national security concerns.

Brian Krebs survives a record ~6.3 Tbps DDoS via Aisuru IoT botnet: Krebs reports an unprecedented DDoS attack—peaking at ~6.3 Tbps over 45 seconds—on his site, orchestrated by a new IoT botnet dubbed “Aisuru,” marking one of the largest volumetric attacks to date.

Race-condition flaws CVE‑2025‑5054 & CVE‑2025‑4598 leak core dump data: Qualys TRU uncovered two local info-leak bugs in Linux crash-report tools—Apport (Ubuntu) and systemd-coredump (RHEL/Fedora). Both can expose sensitive data (even /etc/shadow) via race conditions. Users are urged to patch or disable SUID core dumps.

This week's academia

Impact of AI on the Cyber Kill Chain: A Systematic Review (Heliyon, 2024): A systematic literature review of 62 studies (2013–2023) examining how AI tools bolster attackers in early kill‑chain stages and highlighting defense gaps, with suggestions for AI‑aware defenses.

Technical Aspects of Cyber Kill Chain (arXiv, 2016): A foundational paper outlining methodologies, tools, and techniques attackers use at each of the seven stages of the Cyber Kill Chain—helpful for researchers developing defensive strategies.

A Cyber Kill Chain Based Taxonomy of Banking Trojans (arXiv, 2018): This study develops a CKC‑based taxonomy specifically for banking Trojans and validates it using 127 real-world samples, aiding the design of stage‑targeted detection and mitigation strategies.

Upcoming events for _secpros this year

Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!

DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.

Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.

Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.
Austin Miller
04 Jul 2025
7 min read

#205: Spider-Scam!

Checking out malware, checking out Palo Alto

Need something to read?

This week, we're taking a look at Mastering Palo Alto Networks by Tom Piens aka 'reaper'. The book is available for a knockdown price for a limited time, so don't miss out!

Unlock the full potential of Palo Alto Networks firewalls with expert insights and hands-on strategies for mastering next-gen security:
- Master Palo Alto Networks firewalls with hands-on labs and expert guidance
- Stay up to date with the latest features, including cloud and security enhancements
- Learn how to set up and leverage Strata Cloud Manager
- Purchase of the print or Kindle book includes a free PDF eBook

Check it out today!

#205: Spider-Scam!

A look at the issues

Welcome to another _secpro!

It's been a busy few weeks for those of us wrestling with Scattered Spider.

Over the past two weeks, the hacker group (also tracked as UNC3944 or Muddled Libra) has ramped up attacks across major industries. They’ve been using social-engineering tricks—ringing up help desks or call centers, pretending to be employees and convincing staff to reset or add MFA devices. That’s the pathway they use to slip past security, move through networks, and grab sensitive data or deploy ransomware.

UK retail giants like M&S, Harrods, and Co‑Op have been hit in a wave of attacks, causing disruptions and steep financial losses. They quickly pivoted to U.S. insurance firms, and this week they’ve focused on aviation. At least Hawaiian Airlines and WestJet reported IT system incidents in late June, and most recently Qantas confirmed a breach of a third-party contact‑center platform tied to Scattered Spider tactics. That incident potentially exposed personal data of up to six million customers—names, emails, birthdates and frequent-flyer numbers—though no passports or credit card details were taken.

Check out _secpro premium

The FBI, Google/Mandiant, CrowdStrike and others issued warnings, flagging how the group targets entire industries in waves. Their method is low-tech but effective: exploit human trust to bypass tech defenses, then move laterally, extort data, and sometimes encrypt systems.

Impact on global industry has been significant—retail sales stalled, insurance providers scrambled, airlines huddled with cybersecurity teams and regulators. Stock prices dipped, and affected companies are now tightening vendor controls, reinforcing help-desk protocols, and training staff to question any out-of-the-blue IT requests. Here's to better days ahead...

Cheers!
Austin Miller
Editor-in-Chief

This week's articles

Mastering Palo Alto Networks

We do our best to be good to you all - so here's a free look into Mastering Palo Alto Networks by Tom Piens. The whole chapter is for free as a thank you for staying with us over the years. Check it out!

Check out this excerpt!

News Bytes

Qantas suffers massive data breach via third‑party call centre: Australia’s flagship airline confirmed that hackers accessed a third-party customer‑service platform, compromising personal info—including names, emails, phone numbers, birth dates, and frequent flyer numbers—of around 6 million customers. No financial or passport data was exposed. Regulatory bodies and law enforcement are engaged, and Qantas has initiated containment, support services, and strengthened monitoring.

SK Telecom fined after data leak affecting 27 million records: South Korea’s top mobile carrier was reprimanded and fined ~30 million won after a breach revealed nearly 27 million pieces of user data (including USIM data). The government mandated quarterly security reviews and a ₩700 billion investment over 5 years. SK Telecom is also replacing millions of SIM cards as a precaution.

Aflac hit by social‑engineering attack tied to Scattered Spider: Health insurer Aflac reported a data breach stemming from a sophisticated phone-based social‑engineering campaign by the Scattered Spider group. The intrusion—which may have exposed customer SSNs, claims, and health data—was shut down within hours. This incident aligns with similar recent attacks on Erie and Philadelphia insurers.

FBI warns airlines face rising threat from Scattered Spider: The FBI has issued alerts that Scattered Spider—an agile cybercriminal gang specializing in social engineering—has turned its focus to airlines. Previously known for breaching casinos and insurers, the group uses help‑desk impersonation and MFA bypass tactics. Cooperation with industry partners is underway to strengthen defenses.

Credentials dump exposes 16 billion login details (Apple, Google, Facebook): A massive aggregation of stolen credentials—16 billion records including usernames, passwords, and URLs—was exposed, drawing from various infostealer malware campaigns. Experts warn this could fuel credential stuffing, phishing, and identity theft. Users are strongly advised to enable 2FA/passkeys, use password managers, and monitor dark‑web trade.

Job‑seekers targeted in new “employment” phishing scams: Attackers are increasingly exploiting job‑seekers with fake hiring campaigns, impersonating real firms (e.g., Socure). Victims report losses averaging ~$8,000. With the FTC receiving 100,000+ scam reports in 2024, companies like Socure are tightening verification. Meanwhile, DHS warns that Iranian-aligned threat actors could retaliate via cyberattacks on U.S. critical infrastructure—a reminder of broader geopolitical threats.

This week's academia

The AI Security Pyramid of Pain (Chris M. Ward et al.): This 2024 study introduces the AI Security Pyramid of Pain, adapting David Bianco’s original framework to AI systems. It structures threat levels from Data Integrity (bottom), through AI System Performance, Adversarial Tools, Adversarial Input, Data Provenance, and up to intelligent TTP-based attacks (top). The paper guides defenders on focusing defenses at higher levels that cause the most “pain” to adversaries.

So, I climbed to the top of the pyramid of pain — now what? (Vasilis Katos, Emily Rosenorn‑Lanng, et al.): Published May 30, 2025, this paper examines the limitations of conventional models and proposes the Human Layer Kill Chain, integrating human factors (psychological manipulation) with AI-augmented TTPs. It introduces a “Sociotechnical Kill Plane” concept for holistic defensive strategy, bridging the Pyramid of Pain and human‑centric threat vectors.

Analysis of adversary activities using cloud‑based web services to enhance cyber threat intelligence: This paper delves into proactive threat intelligence, explicitly citing Bianco’s Pyramid of Pain to clarify how different IOCs—from IPs to TTPs—vary in difficulty for adversaries and defenders. It emphasizes mapping indicators to pyramid levels to inform where defense efforts yield the greatest attack disruption.

Upcoming events for _secpros this year

Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!

DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.

Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.

Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.