Have you heard about Cyber_AI?

In conjunction with _secpro, the Packt cyber_ai newsletter is our sister publication that gives you insights into deep research, cutting-edge developments, and controversial news in that confusing and still largely misunderstood overlap in cybersecurity and artificial intelligence. Every week, we publish a newsletter that helps you get down to the most important details in a sea of AI-generated, security-compromising noise. Sound good? Join us by following the link below.

#237: Taking Stock with Flashpoint
A review for those with no time

Welcome to another _secpro!
The conflict surrounding Iran illustrates how contemporary cyber operations function as an extension of geopolitical competition rather than a separate domain of warfare. State-linked actors, proxy groups, and opportunistic cybercriminals all exploit the disruption and political polarization created by armed conflict to conduct espionage, influence operations, and disruptive attacks.
Techniques such as distributed denial-of-service campaigns, wiper malware, credential-harvesting phishing, and information manipulation are used not only to target military or government networks but also to pressure civilian infrastructure, financial institutions, and private companies that sit within the broader strategic ecosystem.
As the conflict evolves, these tactics demonstrate how cyber capabilities can be rapidly mobilized, scaled through proxy actors, and directed against a wide range of targets—creating a threat landscape in which the effects of war extend well beyond the battlefield and into the digital systems that underpin modern economies and societies.
If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there! Cheers! Austin Miller, Editor-in-Chief
Most SOC improvement work focuses on what happens after an investigation starts. Faster playbooks, better context, tighter workflows. All useful. But for a lot of teams, the bigger problem is what happens before anyone even looks at the alert. Alerts come in. Analysts triage and escalate. When the arrival rate exceeds capacity, queues build and wait time spikes.
"The Queue is the Breach", written by Jon Hencinski, Head of Security Operations at Prophet Security, walks through the operational math behind this: alert cycle time, wait time across severity levels, analyst utilization, and what those metrics actually reveal about whether your bottleneck is people, process, or the operating model itself.

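The arrival-rate-versus-capacity effect described above, as an added example (not code from the article or from Prophet Security): a small event-driven simulation of an alert queue with severity-first dispatch, computing mean wait per severity, mean cycle time and analyst utilization on a constructed alert stream. Running the same stream with two and then three analysts shows how sharply wait time falls once utilization drops below saturation.

```python
import heapq
from collections import defaultdict

# Constructed sample alert stream (not real telemetry): tuples of
# (arrival_minute, severity, handling_minutes); severity 1 is most urgent.
SAMPLE_ALERTS = [
    (0, 3, 20), (2, 3, 20), (4, 1, 30), (5, 3, 20), (6, 2, 25),
    (8, 3, 20), (10, 1, 30), (12, 3, 20), (14, 2, 25), (15, 3, 20),
]


def simulate_queue(alerts, analysts):
    """Event-driven simulation of an alert queue served by a fixed number of
    analysts. A free analyst always takes the most severe waiting alert, FIFO
    within a severity. Returns mean wait per severity, mean cycle time
    (wait + handling) and analyst utilization over the whole run, in minutes."""
    pending = sorted(alerts)          # arrivals in time order
    waiting = []                      # heap of (severity, arrival, handling)
    busy = []                         # heap of finish times, one per busy analyst
    free, handled_minutes, now, i = analysts, 0, 0, 0
    waits, cycle_times = defaultdict(list), []
    while i < len(pending) or waiting or busy:
        # Advance the clock to the next arrival or the next analyst finishing.
        next_arrival = pending[i][0] if i < len(pending) else float("inf")
        next_finish = busy[0] if busy else float("inf")
        now = min(next_arrival, next_finish)
        while busy and busy[0] <= now:
            heapq.heappop(busy)
            free += 1
        while i < len(pending) and pending[i][0] <= now:
            arrived, severity, handling = pending[i]
            heapq.heappush(waiting, (severity, arrived, handling))
            i += 1
        # Dispatch: wait time is measured from arrival to pickup, not to closure.
        while free and waiting:
            severity, arrived, handling = heapq.heappop(waiting)
            waits[severity].append(now - arrived)
            cycle_times.append(now - arrived + handling)
            heapq.heappush(busy, now + handling)
            free -= 1
            handled_minutes += handling
    return {
        "mean_wait_by_severity": {s: sum(w) / len(w) for s, w in sorted(waits.items())},
        "mean_cycle_time": sum(cycle_times) / len(cycle_times),
        "utilization": handled_minutes / (analysts * now),
    }


if __name__ == "__main__":
    for n in (2, 3):
        print(n, "analysts:", simulate_queue(SAMPLE_ALERTS, n))
```

With two analysts the low-severity alerts wait longer than they take to handle, which is the queue-as-breach point: the backlog, not the playbook, dominates cycle time.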
In early 2026, researchers from Group-IB published an analysis of a cyber-espionage campaign known as Operation Olalampo, attributed to the advanced persistent threat group MuddyWater. MuddyWater has long been associated with Iranian state-linked cyber activity and has historically targeted government agencies, telecommunications providers, and critical infrastructure organizations across the Middle East and surrounding regions. The Olalampo campaign demonstrates how state-aligned cyber actors continue to evolve their tactics and infrastructure while relying on proven techniques such as phishing and custom malware frameworks.
US Takes Down Record DDoS Botnets: A coordinated law enforcement operation dismantled multiple Mirai-derived botnets (Aisuru, Kimwolf, etc.) responsible for record-scale DDoS attacks, including a 31.4 Tbps burst; researchers note continued evolution toward decentralized C2 using blockchain-based DNS.
"Darksword" iOS Spyware Campaign: Researchers uncovered large-scale iOS exploitation chains targeting hundreds of millions of devices via Safari vulnerabilities, enabling rapid "hit-and-run" data exfiltration tied to suspected state-linked operators.
SocksEscort Proxy Botnet Takedown: A 15-year-old Linux malware-driven proxy network infecting ~369k IoT/SOHO devices was dismantled; operators monetized access for credential stuffing, fraud, and anonymized attack infrastructure.
Hacked Sites Deliver Vidar Infostealer: Compromised websites are being weaponized to distribute Vidar stealer via fake browser updates and drive-by downloads, emphasizing continued effectiveness of web-based initial access vectors.
AI & Browser Threat Trends in 2026 (Red Canary): Large-scale telemetry (~110k threats) indicates adversaries are both targeting browsers and leveraging AI tooling to improve phishing, malware staging, and post-exploitation automation.
Iran-Linked Cyber Escalation Threat Brief (Unit 42): Threat intelligence indicates increased cyber activity aligned with geopolitical tensions, including targeting of critical infrastructure and enterprise networks with coordinated campaigns.

Security for High Velocity Engineering (Jason Chan): This article explores how modern engineering organizations can embed security into rapid deployment pipelines without slowing innovation. It emphasizes threat-informed design, automation, and scaling security practices across large codebases, reflecting the shift toward DevSecOps in high-growth tech companies. (tl;dr sec)
Keep Hackers Out of Your Kubernetes Cluster with These 5 Simple Tricks! (Christophe Tafani-Dereeper): A practical, tactical guide focused on Kubernetes hardening, covering attack surfaces such as misconfigured RBAC, container escapes, and network exposure. The article provides actionable controls aligned with real-world attack paths, making it popular among cloud security engineers.
How to Securely Build Product Features Using AI APIs (Rami McCarthy): This piece analyzes security risks when integrating AI APIs (e.g., prompt injection, data leakage) and outlines defensive design patterns. It became especially relevant during the surge of generative AI adoption in 2023–2024.
AI and Machine Learning in Cybersecurity (Clint Gibler): A strategic overview of how AI/ML is used in both offensive and defensive cybersecurity, including malware detection, anomaly detection, and automated threat hunting. It also discusses limitations and future directions.
Gartner, Forrester and Cybersecurity: A Deep Dive (Ross Haleliuk): This article critically examines the role of industry analysts (Gartner, Forrester) in cybersecurity decision-making, including their influence on vendor selection and enterprise strategy. It blends market analysis with practitioner insight, making it popular among security leaders.
Copyright (C) 2025 Packt Publishing. All rights reserved. Our mailing address is: Packt Publishing, Grosvenor House, 11 St Paul's Square, Birmingham, West Midlands, B3 1RB, United Kingdom