Welcome to another _secpro!
This week, we're moving on to the Cyber Kill Chain and making it clear how we can apply the framework in the average day-to-day workings of a secpro. We've collected a range of useful insights and academic papers to keep you going, so scroll down and check them out!
Cheers!
Austin Miller
Editor-in-Chief
And here we go! Now that we're done with MITRE ATT&CK, we're moving on to Lockheed Martin's Cyber Kill Chain. This week, a general introduction before we move on to the important moving parts of the approach.
In case you missed it last week...
A retrospective on the UK's biggest event so far this year. CyberUK 2025, held in Manchester from May 6–8, brought together over 2,000 cybersecurity professionals, policymakers, and industry leaders to tackle the pressing challenges facing the UK's digital landscape. Organized by the National Cyber Security Centre (NCSC), this year's conference centered around the theme “Transforming Resilience. Countering Threats.”
Join Hemang as he sketches out the issues for GRC in the age of AI. This was our premium expert article for _secpro last month, so make sure to sign up for premium on Substack and find out everything we have to offer!
“EchoLeak” zero-click vulnerability in Microsoft 365 Copilot: A first-of-its-kind “zero-click” exploit, dubbed EchoLeak, was discovered in Microsoft 365 Copilot. It allows attackers to exfiltrate sensitive data without any user interaction—fully weaponizing AI agents. Microsoft has since issued a patch. Aim Security confirms this is the first weaponizable zero-click AI attack chain.
GreyNoise uncovers coordinated brute‑force campaign targeting Apache Tomcat: GreyNoise Intelligence observed a sharp rise in brute-force login attempts—from hundreds of malicious IPs—aimed at Apache Tomcat Manager interfaces since June 5, indicating a likely precursor to exploitation.
Bruce Schneier exposes covert Android tracking via browser–app leaks: Schneier highlights research showing how Meta and Yandex leveraged unintended browser-app communication to covertly track Android users, converting ephemeral web tags into persistent app-level IDs. Both companies ceased the practice after disclosure.
Schneier testifies on AI-data exfiltration risks in U.S. government: During a House Oversight hearing on AI’s role in government, Schneier warned about “DOGE” agency affiliates exfiltrating large datasets from federal systems to feed AI tools—raising serious national security concerns.
Brian Krebs survives a record ~6.3 Tbps DDoS via Aisuru IoT botnet: Krebs reports an unprecedented DDoS attack—peaking at ~6.3 Tbps over 45 seconds—on his site, orchestrated by a new IoT botnet dubbed “Aisuru,” marking one of the largest volumetric attacks to date.
Race-condition flaws CVE‑2025‑5054 & CVE‑2025‑4598 leak core dump data: Qualys TRU uncovered two local info-leak bugs in Linux crash-report tools—Apport (Ubuntu) and systemd-coredump (RHEL/Fedora). Both can expose sensitive data (even /etc/shadow) via race conditions. Users are urged to patch or disable SUID core dumps.
Impact of AI on the Cyber Kill Chain: A Systematic Review (Heliyon, 2024): A systematic literature review of 62 studies (2013–2023) examining how AI tools bolster attackers in early kill‑chain stages and highlighting defense gaps, with suggestions for AI‑aware defenses.
Technical Aspects of Cyber Kill Chain (arXiv, 2016): A foundational paper outlining methodologies, tools, and techniques attackers use at each of the seven stages of the Cyber Kill Chain—helpful for researchers developing defensive strategies.
A Cyber Kill Chain Based Taxonomy of Banking Trojans (arXiv, 2018): This study develops a CKC‑based taxonomy specifically for banking Trojans and validates it using 127 real-world samples, aiding the design of stage‑targeted detection and mitigation strategies.
Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!
DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.
Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.
Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.