





















































Welcome to another _secpro!
For everyone who won a prize from our last issue, you will receive an email this week to roll out an offer. Keep your eyes open and we'll arrange your gift! This week's issue contains:
- New Linux Vulnerabilities (Schneier)
- Microsoft Offers Free Cybersecurity Support to European Governments
- One-Third of U.S. Cybersecurity Agency Staff Depart Amid Budget Cuts
- Infosecurity Europe 2025 Highlights Emerging Cyber Threats
- Victoria's Secret Shuts Down Website Following Cyberattack
- Google Uncovers Vishing Campaign Targeting Salesforce Users
- Dell Addresses Critical Vulnerabilities in PowerScale OneFS
- PentestGPT: An LLM-empowered Automatic Penetration Testing Tool
- Enhancing Cybersecurity Resilience Through Advanced Red-Teaming Exercises and MITRE ATT&CK Framework Integration
- Offense For Defense: The Art and Science of Cybersecurity Red Teaming
Cheers!
Austin Miller
Editor-in-Chief
A retrospective on the UK's biggest event so far this year. CyberUK 2025, held in Manchester from May 6–8, brought together over 2,000 cybersecurity professionals, policymakers, and industry leaders to tackle the pressing challenges facing the UK's digital landscape. Organized by the National Cyber Security Centre (NCSC), this year's conference centered around the theme “Transforming Resilience. Countering Threats.”
Join Hemang as he sketches out the issues for GRC in the age of AI. This was our premium expert article for _secpro last month, so make sure to sign up on Substack and find out everything we have to offer!
Making our way through MITRE ATT&CK's Top Ten most exploited techniques over the last 10 weeks has been fun. We're almost ready to dive into the most exploited T-number, but we thought it'd be good to stop and smell the adversarial roses for a minute first - just make sure you've been paying attention. These T-numbers are on the test, so make sure to go back and check out #10 through #2 in the list below:
- #1: T1055
- #2: T1059
- #3: T1333
- #4: T1071
- #5: T1562
- #6: T1486
- #7: T1082
- #8: T1547
- #9: T1506
- #10: T1005
We have five copies of Glen Singh's Kali Linux book to give away. Leave a comment in order to win a virtual copy! And now, here is our number one...
New Linux Vulnerabilities (Schneier): Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems.
Microsoft Offers Free Cybersecurity Support to European Governments: Microsoft has launched a new initiative to provide European governments with free cybersecurity support aimed at enhancing defenses against increasingly sophisticated cyber threats, including those powered by artificial intelligence (AI).
One-Third of U.S. Cybersecurity Agency Staff Depart Amid Budget Cuts: Since the beginning of President Trump's second term, approximately one-third of the workforce at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has left, significantly weakening one of the country's key defenses against cyber threats.
Infosecurity Europe 2025 Highlights Emerging Cyber Threats: Infosecurity Europe 2025, held at the ExCeL in London, marked its 30th anniversary with a focus on "Building a Safer Cyber World". Keynote speakers addressed evolving cyber threats, the impact of quantum and AI technologies, and the geopolitical dimensions of cybersecurity.
Victoria's Secret Shuts Down Website Following Cyberattack: Victoria's Secret has temporarily shut down its online operations following a suspected cyberattack, although its physical retail stores continue to function normally. The company has engaged third-party cybersecurity experts to investigate the breach.
Google Uncovers Vishing Campaign Targeting Salesforce Users: Google has disclosed details of a financially motivated threat cluster that specializes in voice phishing (vishing) campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion.
Dell Addresses Critical Vulnerabilities in PowerScale OneFS: Dell Technologies has released a critical security advisory addressing multiple flaws in its PowerScale OneFS. The most severe allows unauthenticated remote attackers to access and manipulate the file system.
PentestGPT: An LLM-empowered Automatic Penetration Testing Tool: This paper introduces PentestGPT, an automated penetration testing tool powered by Large Language Models (LLMs). The study evaluates the performance of LLMs on real-world penetration testing tasks and presents a robust benchmark created from test machines. Findings reveal that while LLMs demonstrate proficiency in specific sub-tasks, they encounter difficulties maintaining an integrated understanding of the overall testing scenario. PentestGPT addresses these challenges with three self-interacting modules, each handling individual sub-tasks to mitigate context loss.
Enhancing Cybersecurity Resilience Through Advanced Red-Teaming Exercises and MITRE ATT&CK Framework Integration: This study presents a transformative approach to red-teaming by integrating the MITRE ATT&CK framework. By leveraging real-world attacker tactics and behaviors, the integration creates realistic scenarios that rigorously test defenses and uncover previously unidentified vulnerabilities. The comprehensive evaluation demonstrates enhanced realism and effectiveness in red-teaming, leading to improved vulnerability identification and actionable insights for proactive remediation.
Offense For Defense: The Art and Science of Cybersecurity Red Teaming: This article delves into the methodologies, tools, techniques, and strategies employed in red teaming, emphasizing the planning practices that underpin successful engagements. It highlights the strategic application of cyber deception techniques, such as honeypots and decoy systems, to enhance an organization’s threat identification and response capabilities. The piece underscores the importance of continuous improvement and adaptation of strategies in response to evolving threats and technologies.
Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!
DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.
Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.
Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.