NEW Weekly Series Alert!

I’m excited to launch the Cybersecurity Weekly Roundup—a new series where I’ll share the top cybersecurity news stories every Friday.

Each week, I’ll curate the biggest incidents, emerging threats, critical vulnerabilities, and key industry insights—all from trusted cybersecurity sources like CISA, MITRE, The Hacker News, and more.

Whether you're a cybersecurity pro, IT leader, or just security-curious, this roundup will help you:

Stay ahead of ransomware trends

Monitor critical vulnerabilities and patch releases

Learn about new threat actor campaigns

Track shifts in AI, ICS/OT, and post-quantum security

Every article includes a concise, expert-written summary designed to save you time and deliver actionable insights.

Check out the first edition on the blog today!
https://weblog.kylereddoch.me/2025/07/welcome-to-the-cybersecurity-weekly-roundup

Follow me for weekly updates and stay cyber-resilient!

Ready to go beyond academic theory and into real-world AI security testing?

Join Jason Haddix on November 4–5 at OWASP Global AppSec USA 2025 for a 2-day, hands-on training: Attacking AI.

This intermediate-level course is packed with case studies, real methodologies, and tactics drawn from Arcanum’s cutting-edge AI assessments.

REGISTER: https://owasp.glueup.com/event/131624/register/

Hi y'all! New to infosec.exchange!

We're RSOLV - building automated security vulnerability detection + remediation (yes, a _fix_, not just a red flag)

While researching AI-generated code, we discovered something wild: 19.6% of AI package suggestions don't exist. Hackers are pre-registering them.

Traditional scanners miss this completely. We detect AND fix it.

Journey: https://www.indiehackers.com/post/built-the-wrong-thing-at-the-wrong-time-but-discovered-something-worse-or-better-0bc8629cc0

Blog: https://rsolv.dev/blog/hidden-cost-ai-generated-code?utm_source=mastodon&utm_medium=social&utm_campaign=slopsquatting

A new Brand Story is live — this time with eSentire!

We sat down with Dustin Hillard, CTO at #eSentire, for a powerful conversation about #AgenticAI and what it really means to reach human equivalency in security operations.

From decision-making to autonomous action, this isn’t just theory — it’s a real-world look at outcomes when AI is trained and tuned with purpose.

Watch the video:
https://youtu.be/qmca7RCzSAQ

Read the full story:
https://www.itspmagazine.com/their-stories/reaching-human-equivalency-with-agentic-ai-a-real-world-look-at-security-outcomes-an-esentire-brand-story-with-dustin-hillard

Learn more about eSentire here:
https://itspm.ag/esentire-sorry4ek

Thanks to eSentire for supporting the conversation and helping us explore where AI meets security in the real world.

Sean Martin, CISSP & Marco Ciappelli
Co-Founders at ITSPmagazine

Microsoft Copilot for SharePoint just made recon a whole lot easier.
 
One of our Red Teamers came across a massive SharePoint, too much to explore manually. So, with some careful prompting, they asked Copilot to do the heavy lifting...
 
It opened the door to credentials, internal docs, and more.
 
All without triggering access logs or alerts.
 
Copilot is being rolled out across Microsoft 365 environments, often without teams realising Default Agents are already active.
 
That’s a problem.
 
Jack, our Head of Red Team, breaks it down in our latest blog post, including what you can do to prevent it from happening in your environment.
 
Read it here: https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/

New Episode!
A Brand Story from the Road to #RSAC 2025 — Featuring Akamai Technologies

Every year, as we get ready for RSA Conference, we fire up the engine and the mics—not just to cover the #tech, but to capture the #business, the strategy, and most importantly, the human side of #cybersecurity.

Our latest Brand Story does just that.

In this pre-conference conversation, we sit down with Rupesh Chokshi, SVP & GM of Application Security at #Akamai, to talk about the shifting cybersecurity landscape as we move deeper into the #AI era. From #APIattacks and #LLM scraping to hybrid infrastructures and #zerotrust environments, it’s clear that security is no longer just a barrier—it’s a business enabler.

And Akamai is right at the center of that transformation.

We explore what it means to build real #cyberresilience, how organizations can rethink their security strategy in an AI-driven world, and why this year’s #RSAC2025 Conference is set to be a defining moment for both innovation and trust.

A special thank you to Akamai for sponsoring our RSAC 2025 coverage and continuing to support conversations that matter.

Watch the teaser: https://youtu.be/NH4APVuZfRc
Full episode: https://youtu.be/DMm6INJ_2Z8
Listen on the podcast: https://brand-stories-podcast.simplecast.com/episodes/ai-security-and-the-hybrid-world-akamais-vision-for-rsac-2025-with-rupesh-chokshi-svp-gm-application-security-akamai-a-rsac-conference-2025-brand-story-pre-event-conversation
Learn more about Akamai: https://www.itspmagazine.com/directory/akamai
Follow all of our RSAC 2025 stories: https://www.itspmagazine.com/rsac

We’ll see you in San Francisco for more conversations to share with your audience!

— Marco Ciappelli & Sean Martin, CISSP
ITSPmagazine Co-Founders

The replay of our session at Forum INCYBER Europe (FIC) is now online

Watch our CTO present the initial Phare results - our multilingual and independent LLM benchmark that evaluates hallucination, factual accuracy, bias, and harm potential.

The session features Matteo Dora and Elie Bursztein (Google DeepMind).

Full recording linked below

New On Location Coverage with Sean & Marco on ITSPmagazine

Cybersecurity in #Italy : A Niche Topic No More...

Not too long ago, if you mentioned #cybersecurity in Italy, you’d get a lot of blank stares. Today, it’s everywhere—boardrooms, government agencies, and, of course, #ITASEC, Italy’s official cybersecurity conference.

This year, #ITASEC2025 took over Bologna, bringing together researchers, policymakers, and industry leaders to discuss what’s next for digital security. AI security, regulatory shifts, #cybereducation — yes, even the Digital Operational Resilience Act (#DORA) that’s reshaping financial sector security—were all on the table.

Unfortunately I wasn’t in Italy at the time of the event, but that didn’t stop me from having a fascinating conversation with Professor Alessandro Armando, one of the key organizers and a leading voice in cybersecurity research. In this latest On Location episode. Of course, Sean Martin joined me and we spoke about:

How cybersecurity went from an afterthought to a national priority in Italy

Why companies are (finally) realizing that #security is an #investment, not just a cost

The rise of Cyber Challenge IT—Italy’s initiative to build the next generation of cybersecurity experts

And, of course, the big reveal… ITASEC 2026 is heading to Sardinia!

Watch the Full Video: https://youtu.be/NsdkYAYZANc

Listen to the Full Podcast: https://eventcoveragepodcast.com/episodes/cybersecurity-in-italy-itasec-2025-recap-future-outlook-with-professor-alessandro-armando-on-location-coverage-with-sean-martin-and-marco-ciappelli

Subscribe to On Location Podcast: https://eventcoveragepodcast.com

Cybersecurity isn’t just about stopping threats—it’s about shaping the future of how we live, work, and trust #technology.

What’s your take? Are we heading in the right direction, or are we still playing catch-up?

#InfoSec, #CyberRisk, #AIsecurity, #CyberThreats, #CyberEducation, #CyberWorkforce, #ThreatIntel, #EthicalHacking, #PenTesting, #RiskManagement, #CyberResilience, #DataProtection, #DigitalSecurity, #CyberLaw, #TechnologyNews, #OnLocationPodcast

Hackers are taking action where others have failed—warning ransomware victims, exposing AI security flaws, and questioning biohacking ethics. Should policymakers pay more attention to hacker research? Listen now and decide.

https://youtu.be/K2Y_cLxhMuw

The Power of Words: Prompt Engineering and Jailbreaks

"Think of it like this: in social engineering, using the right words can open doors, build trust, and unlock information. Similarly, with LLMs, which are trained on vast amounts of human language, choosing the right words in your prompts is key to “opening the door” to clear, insightful, and truly valuable answers."
#AI #PromptEngineering #LLM #AICommunity #AISecurity #AIRedTeaming #AIJailBreaks

https://medium.com/@yetkind/the-power-of-words-prompt-engineering-and-jailbreaks-94ce7929a31d

I am reading up on abliterations:
https://huggingface.co/blog/mlabonne/abliteration

Still trying to wrap my head around the consequences of this. But...

...I kinda feel like abliterations have implications also for prompt injections?

As in, it feels like abliterations could mean that it is simply impossible to secure an LLM from prompt injection?

I'm sure I am misunderstanding stuff here. Anyone any input on this?

y0U hA5ε tU wR1tε l1Ke tHl5 to Break GPT-4o, Gemini Pro and Claude 3.5 Sonnet AI Safety Measures. #AI #AIVulnerabilities #AISecurity #Jailbreaking #BoNJailbreaking #CyberSecurity #MachineLearning #AIResearch #AIModels #AIExploits #GPT4o #GoogleGemini #Claude

https://winbuzzer.com/2024/12/22/best-of-n-jailbreaking-breaks-gpt-4o-gemini-pro-and-claude-3-5-sonnet-ai-safety-measures-xcxwbn/

Leike, der kürzlich erst OpenAI verließ, weil er #AIsecurity nicht ernst genug genommen sah, heuert bei Anthropic an. Spannend.

[2024/02/14]
Staying ahead of threat actors in the age of AI | Microsoft Security Blog

"[...] identified activity associated with known threat actors, including prompt-injections, attempted misuse of large language models (LLM), and fraud. Our analysis of the current use of LLM technology by threat actors revealed behaviors consistent with attackers using AI as another productivity tool on the offensive landscape."

https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/

Hugging Face works with Wiz to strengthen AI cloud security | Wiz Blog
https://www.wiz.io/blog/wiz-and-hugging-face-address-risks-to-ai-infrastructure

Holy crap there are a lot of #AI #Risk Frameworks, #AISecurity guides, papers, PDFs, websites, tools, opinions etc etc etc.

90% of it is pure intellectual wankery or thinly disguised "buy our snakeoil" stuff. The pathway to actionable useful information is very narrow. I'll post my list of stuff I think is worth a look once I get through reading it all.

I'm also trying to distil down the common themes, approaches, processes etc that seem to be recurring. Those are likely useful.

AI poisoning could turn open models into destructive “sleeper agents,” says Anthropic - Enlarge (credit: Benj Edwards | Getty Images)

Imagine download... - https://arstechnica.com/?p=1995975 #largelanguagemodels #promptinjections #sleeperagents #llmsecurity #aisecurity #anthropic #chatgpt #chatgtp #claude2 #biz⁢ #claude #llm #ai