Welcome to another _secpro!
200 issues! Where does the time go? We're here providing the same content that we always do, but we also ask our readers to check out the _secpro archive on Substack for a walk down memory lane or an exciting dive into what you missed before you subscribed. This week's issue contains:
- AI Chatbots Enhance Phishing Email Sophistication
- U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud
- ConnectWise Breached in Cyberattack Linked to Nation-State Hackers
- PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
- Earth Lamia Develops Custom Arsenal to Target Multiple Industries
- China-Linked Hackers Exploit Google Calendar in Cyberattacks on Governments
- PentestGPT: An LLM-empowered Automatic Penetration Testing Tool
- Enhancing Cybersecurity Resilience Through Advanced Red-Teaming Exercises and MITRE ATT&CK Framework Integration
- Offense For Defense: The Art and Science of Cybersecurity Red Teaming
Cheers!
Austin Miller
Editor-in-Chief
Reflecting on MITRE ATT&CK
Making our way through MITRE ATT&CK's Top Ten most exploited techniques over the last 10 weeks has been fun. We're almost ready to dive into the most exploited T-number, but we thought it'd be good to stop and smell the adversarial roses for a minute first, just to make sure you've been paying attention. These T-numbers are on the test, so make sure to go back and check out #10 through #2 in the list below:
- #2: T1059
- #3: T1333
- #4: T1071
- #5: T1562
- #6: T1486
- #7: T1082
- #8: T1547
- #9: T1506
- #10: T1005
We have five copies of Glen Singh's Kali Linux book to give away. Leave a comment in order to win a virtual copy! And now, here is our number one...
#1: T1055
News Bytes
AI Chatbots Enhance Phishing Email Sophistication: AI chatbots like ChatGPT are making scam emails harder to detect due to their flawless grammar and human-like tone, enabling more sophisticated phishing schemes. This evolution demands new detection strategies centering on user vigilance and corporate preemptive measures. See also: Zscaler ThreatLabz 2025 Phishing Report
U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud: The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses. See also: Understanding Romance Scams and Cryptocurrency Fraud
ConnectWise Breached in Cyberattack Linked to Nation-State Hackers: ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor.
PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto: Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts.
Earth Lamia Develops Custom Arsenal to Target Multiple Industries: A Chinese threat actor group known as Earth Lamia has been actively exploiting known vulnerabilities in public-facing web applications to compromise organizations across sectors such as finance, government, IT, logistics, retail, and education.
China-Linked Hackers Exploit Google Calendar in Cyberattacks on Governments: China-linked hackers are exploiting Google Calendar in cyberattacks on governments, using the platform to deliver malicious links and coordinate attacks, highlighting the need for increased vigilance in monitoring cloud-based services. See also: Securing Cloud-Based Collaboration Tools.
This week's academia
PentestGPT: An LLM-empowered Automatic Penetration Testing Tool: This paper introduces PentestGPT, an automated penetration testing tool powered by Large Language Models (LLMs). The study evaluates the performance of LLMs on real-world penetration testing tasks and presents a robust benchmark created from test machines. Findings reveal that while LLMs demonstrate proficiency in specific sub-tasks, they encounter difficulties maintaining an integrated understanding of the overall testing scenario. PentestGPT addresses these challenges with three self-interacting modules, each handling individual sub-tasks to mitigate context loss.
Enhancing Cybersecurity Resilience Through Advanced Red-Teaming Exercises and MITRE ATT&CK Framework Integration: This study presents a transformative approach to red-teaming by integrating the MITRE ATT&CK framework. By leveraging real-world attacker tactics and behaviors, the integration creates realistic scenarios that rigorously test defenses and uncover previously unidentified vulnerabilities. The comprehensive evaluation demonstrates enhanced realism and effectiveness in red-teaming, leading to improved vulnerability identification and actionable insights for proactive remediation.
Offense For Defense: The Art and Science of Cybersecurity Red Teaming: This article delves into the methodologies, tools, techniques, and strategies employed in red teaming, emphasizing the planning practices that underpin successful engagements. It highlights the strategic application of cyber deception techniques, such as honeypots and decoy systems, to enhance an organization’s threat identification and response capabilities. The piece underscores the importance of continuous improvement and adaptation of strategies in response to evolving threats and technologies.
Upcoming events for _secpros this year
Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!
DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.
Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.
Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.