|
 |
Still chasing browser patches? Chrome Enterprise can handle that.
 |
Chrome Enterprise Premium delivers always-on browser protection, policy enforcement, and centralized control to eliminate manual updates and reduce security risks.
Welcome to another _secpro!
As we step out into another week of cybersecurity-related shenanigans, it’s important to remember some perspective and how we frame the constant threat of the adversary. It’s easy to become doom-and-gloom about the possibilities of every getting away from the constant worry of “the next big disaster”. There’s no magic fix for that, obviously, but we can take our time, gather our resources, and build plans and processes that cut the adversary off. As a part of that, tackling the problem of social engineering is one of the more challenging difficulties to tackle...
That’s why we’re back into social engineering this week and, this time, we’re exploring how the adversary moves in the age of AI. If you’ve missed our other investigations, then check them out here, here, here, here, and here.
If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!
Cheers!
Austin Miller
Editor-in-Chief
This week’s article
Unit 42 on “Adversarial Innovation in the Age of AI”
 |
In their latest research, Unit 42 explains that many social engineering attacks don’t need advanced hacking tools. Instead, they work because of three main weaknesses: low detection coverage, alert fatigue, and organisational failures.
News Bytes
Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (Help Net Security): Microsoft patched 63 vulnerabilities in its November 2025 update, including CVE-2025-62215, a race-condition in the Windows Kernel that allows elevation to SYSTEM and has seen in-the-wild exploitation.