Most teams dread FedRAMP—until they switch to Paramify. We make the process faster, clearer, and far more efficient by pairing smart automation with experts who help you exactly where you need it most. Come see how fun compliance can actually be, and grab a free gift when you join us for a demo.

Welcome to another_secpro!

We're done with social engineering for now, but if you'd like to find out how the adversary moves in the age of AI then make sure to check out the articles link in this introduction:here, here, here, here, and here.

If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!

Cheers!
Austin Miller
Editor-in-Chief

The platform landscape evolves weekly- new tooling, practices, architectures, and real-world lessons from teams building internal developer platforms at scale. Subscribe now and stay ahead with deep dives on IDPs, golden paths, Kubernetes platforms & DevEx strategy.

A quick retrospective to take stock of a year of huge upheavals and change. Jump in to see what we've identified as "the big themes" of 2025 and leave your comments on Substack!

And, as a little bonus, here are top 5 most popular articles from over the last year. Take a look and tell us what you think!

Mastering Palo Alto Networks
Reflecting on the Cyber Kill Chain
Scattered Spider: an in-depth technical and contextual report
Unit 42 on non-phishing vectors
Data Privacy Program and Principles

“Trend Micro Warns of ‘Vibe Crime’ as Cybercriminals Automate Attacks”: Trend Micro’s recent report highlights the emergence of “vibe crime,” a new class of fully automated cyberattacks powered by agentic AI. Instead of traditional manual schemes, these attacks use coordinated AI agents to execute phishing, fraud, and infiltration at scale without human oversight. The article details how AI-driven criminal automation drastically increases attack volume and represents a new paradigm for cyber threats — and outlines defensive strategies that leverage AI for resilience.

“OpenAI Warns New Models Pose ‘High’ Cybersecurity Risk”: OpenAI has publicly cautioned that forthcoming advanced AI models could introduce significant cybersecurity risks, including the potential automatic generation of zero-day exploits and automated intrusions. The company outlines defensive steps it is taking — such as building integrated defensive tooling, access controls, and monitoring practices — and announces the formation of a Frontier Risk Council focused initially on cyber threats.

“UK MPs Face Surge in Phishing Attacks via Messaging Apps”: This piece reports a sharp increase in targeted phishing attacks against UK Parliament members and officials through encrypted messaging platforms like WhatsApp and Signal. Russian-linked actors are leveraging SIM-based brute techniques and deceptive support messages to gain access credentials or install malware — prompting cybersecurity advisories from the UK’s National Cyber Security Centre.

“Smarter Holiday Scams Emerge as Criminals Tap AI Tools”: Cybercrime expert Eric O’Neill examines how criminals are leveraging AI to craft sophisticated holiday-season scams. The article describes personalisation techniques using AI-generated voice cloning, fake texts, and simulated delivery alerts, which significantly elevate the success rate of social engineering attacks. It also provides defensive recommendations, including multi-factor authentication and vigilant verification processes.

“Top Cybersecurity Trends From 2025: Rapid AI Adoption and Ransomware Risks”: This industry article outlines the most impactful cybersecurity trends of 2025 — especially the expanding use of AI and agentic automation, heightened ransomware activity, and the need for secure software development practices. It explores how organisations are adapting to these combined pressures through risk management strategies and investment in automated defenses.

“Cybersecurity predictions for 2025”(Frankly Speaking): A forward-looking analysis of how cybersecurity will evolve in 2025, with an emphasis on the impact of artificial intelligence, security budgets, SOC transformation, and how organisations integrate AI into defensive strategies. The author highlights deeper systemic shifts, such as moving security teams toward engineering-centric practices and the changing role of tooling and talent.

“New Security Strategies, Spyware & Surveillance” (International Cybersecurity): A recent weekly analysis covering rapid developments in cyber policy, state-linked attack vectors, and national cybersecurity strategies. It discusses how legislation, geopolitics, and surveillance tools are shaping national cyber postures. The post highlights newly identified exploits and persistent threats such as advanced spyware targeting global networks.

“Cyber & Cognitive Conflict Compass: Evolving Threats & Policy Dynamics” (International Cybersecurity): This article outlines a nuanced view of how cyber and cognitive operations interconnect—exploring zero-day exploit disclosures, geopolitical information operations, and multi-jurisdictional policy responses that affect the global threat landscape. It’s particularly valuable for understanding the intersection of cyber, intelligence, and statecraft.

Generative AI revolution in cybersecurity: a comprehensive review of threat intelligence and operations fromArtificial Intelligence Review: This open-access comprehensive review explores how generative artificial intelligence (GenAI) is reshaping cybersecurity. It examines GenAI’s contributions to threat intelligence, automated defenses, and operational analytics, alongside the risks posed by adversarial use of generative models. The paper synthesizes recent research on AI-enabled detection, automated response mechanisms, and predictive security operations, offering a broad view of GenAI’s dual role as both a defense multiplier and a vector for sophisticated attacks.

Neuromorphic Mimicry Attacks Exploiting Brain-Inspired Computing for Covert Cyber Intrusions (Hemanth Ravipati): This paper introduces Neuromorphic Mimicry Attacks (NMAs), a novel class of cyber threat targeting neuromorphic computing architectures inspired by biological neural systems. Ravipati outlines how attackers can exploit the probabilistic operation of neuromorphic chips to evade traditional intrusion detection systems, presenting a theoretical framework, simulated evaluations, and tailored countermeasures such as neural anomaly detection and secure learning protocols.

Adversarial Defense in Cybersecurity: A Systematic Review of GANs for Threat Detection and Mitigation (Tharcisse Ndayipfukamiye, Jianguo Ding, Doreen Sebastian Sarwatt, Adamu Gaston Philipo, Huansheng Ning): This systematic review examines the dual role of Generative Adversarial Networks (GANs) in cybersecurity — as both offensive tools (e.g., for generating adversarial samples) and defensive mechanisms that enhance threat detection accuracy. The authors deploy a PRISMA-guided review across major cybersecurity domains (intrusion detection, malware analysis, IoT security), develop a taxonomy of GAN applications, and provide a roadmap for future work addressing training instability, benchmarking, and explainability.

From Texts to Shields: Convergence of Large Language Models and Cybersecurity (Tao Li, Ya-Ting Yang, Yunian Pan, Quanyan Zhu): This interdisciplinary report explores the integration of large language models (LLMs) into cybersecurity workflows. It focuses on how LLMs are applied to network and software security, vulnerability analysis, and generative security engineering. The work also discusses socio-technical challenges — such as interpretability, safety, and ethical deployment — and proposes strategies like human-in-the-loop oversight and proactive robustness testing to mitigate risks.

A decade of cybersecurity research in internal auditing: bibliometric mapping and future research agenda fromDiscover Sustainability (Springer): This bibliometric study maps nearly 4,000 Scopus-indexed cybersecurity research outputs related to internal auditing over ten years. It identifies publication trends, key authors and institutions, evolving thematic clusters, and citation dynamics. The article highlights areas of concentrated research activity and proposes future directions to strengthen cybersecurity integration within internal audit practice and governance frameworks.

Building a Cybersecurity Culture in Higher Education: Proposing a Cybersecurity Awareness Paradigm (Reismary Armas & Hamed Taherdoost): Recognizing the human factor as a critical cybersecurity frontier, this research proposes a structured paradigm for cultivating cybersecurity awareness in higher education institutions. The authors analyze current gaps in awareness, outline key cultural and behavioural components, and recommend institutional strategies to embed sustainable cybersecurity practices among students, faculty, and administrative stakeholders.