Need something to read?
Develop foundational skills in ethical hacking and penetration testing while getting ready to pass the certification exam. With cyber threats continually evolving, understanding the trends and using the tools deployed by attackers to determine vulnerabilities in your system can help secure your applications, networks, and devices. To outmatch attacks, developing an attacker's mindset is a necessary skill, which you can hone with the help of the Certified Ethical Hacker 312-50 Exam Guide.
- Learn how to look at technology from the standpoint of an attacker
- Understand the methods that attackers use to infiltrate networks
- Prepare to take and pass the exam in one attempt with the help of hands-on examples and mock tests
#210: Hitting C2 with Defensive C4
A look at the issues
Welcome to another _secpro!
This week, we're looking at installation in the Cyber Kill Chain (CKC), reflecting on the week's biggest stories, and heading out into the quagmire of modern academia. Sound good? Scroll down and check out what we have on offer.
If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!
Cheers!
Austin Miller
Editor-in-Chief
This week's articles
C2 in the Cyber Kill Chain
To understand the role of command and control in a cyber attack, it's helpful to start with the step that immediately precedes it—installation (handily, that’s exactly what we discussed last week). When someone talks about a cyber attack moving beyond just probing or scanning, they’re often referring to the attacker getting something persistent inside the target’s system...
News Bytes
GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions: A campaign codenamed GreedyBear exploited over 150 malicious extensions in the Firefox marketplace, disguised as popular crypto wallets (e.g., MetaMask, Exodus). By using a tactic called "Extension Hollowing", attackers first built credibility by uploading benign extensions, then weaponized them later, resulting in the theft of over $1 million in cryptocurrency.
Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems: Two critical remote code execution (RCE) vulnerabilities (CVE-2025-54948 and CVE-2025-54987, CVSS 9.4) in the on-premise Trend Micro Apex One Management Console are being actively exploited in the wild. A temporary fix tool is available while a formal patch is expected mid-August. Mitigation guidance includes restricting remote access and patching promptly.
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks: The threat actor Storm-2603 has exploited SharePoint vulnerabilities, deploying a DNS-based backdoor (AK47DNS) and an HTTP variant (AK47HTTP) to deliver both Warlock and LockBit ransomware. Using tools like PsExec and masscan, it executed a sophisticated hybrid of APT and criminal tactics targeting Latin American and APAC organizations since early 2025.
CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign: A state-sponsored threat cluster, CL-STA-0969 (linked to Liminal Panda), infiltrated Southeast Asian telecommunication infrastructure for nearly 10 months. Though no data was stolen, victims were implanted with various advanced tools (e.g., AuthDoor, Cordscan, EchoBackdoor, ChronosRAT) for persistent covert access and intelligence gathering.
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps: A flaw named MCPoison (CVE-2025-54136, CVSS 7.2) in the AI-powered Cursor code editor could allow remote code execution (RCE). An attacker can initially gain code trust through a benign Model Context Protocol (MCP) configuration, then swap it for malicious content that is executed silently when the user opens Cursor. Fixed in version 1.3 with stricter approvals.
Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices: The Akira ransomware group has been leveraging SonicWall SSL VPNs, possibly exploiting a zero-day vulnerability, even on fully patched devices. Attacks began mid-July, and organizations are advised to disable VPN access temporarily, enforce multi-factor authentication (MFA), audit user accounts, and bolster password hygiene.
This week's academia
From Texts to Shields: Convergence of Large Language Models and Cybersecurity (Tao Li, Ya-Ting Yang, Yunian Pan, Quanyan Zhu): This paper explores how large language models (LLMs) intersect with cybersecurity, ranging from using LLMs for vulnerability analysis in 5G networks to generative security engineering. It also examines challenges like transparency, ethics, and safety in deploying LLMs and proposes a research roadmap for secure adoption in cyber contexts.
Cybersecurity through Entropy Injection: A Paradigm Shift from Reactive Defense to Proactive Uncertainty (Kush Janani): Introduces the concept of deliberately injecting entropy—randomness—into systems to enhance unpredictability and thwart attackers. The study includes theoretical foundations, practical implementations (like ASLR and moving target defenses), and shows how entropy-based approaches can cut attack probability dramatically (by over 90%) with minimal performance impact.
Neuromorphic Mimicry Attacks Exploiting Brain-Inspired Computing for Covert Cyber Intrusions (Hemanth Ravipati): Examines vulnerabilities in neuromorphic computing, hardware designed to mimic brain functioning. The research introduces "Neuromorphic Mimicry Attacks" (NMAs), where attackers subtly manipulate neural activity to breach systems undetected. It proposes defenses tailored to neuromorphic systems, like anomaly detection and secure synaptic protocols.
Cyber Shadows: Neutralizing Security Threats with AI and Targeted Policy Measures (Marc Schmitt, Pantelis Koutroumpis): Analyzes the concept of “cyber shadows”—hidden or indirect threats in the digital age—and advocates for a dual approach combining AI-driven systems (like intrusion detection) with policy and regulatory mechanisms to form a more robust, multilevel cybersecurity strategy.
Prompt Injection: Emerging Risks in LLM-Integrated Cybersecurity Systems (Various): Discusses "prompt injection" attacks, where malicious inputs manipulate LLM behavior. Notably, a 2025 report revealed academic papers embedding hidden prompts to skew AI-powered peer review systems, illustrating how prompt injection can compromise academic integrity. This underscores present-day vulnerabilities in AI-assisted processes.
Interested in an upcoming conference?
Interested in Next-Gen Cyber AI? In an ever-evolving world, the only option for the ambitious secpro is to stay ahead of the game. Check out our upcoming conference with big names like Mark Simos, Nikhil Kumar, and Katie Paxton-Fear, who have a lot to say about how they are overcoming new problems with AI and supporting others following their paths!