Don’t miss out!

Welcome to another _secpro! This week, we’re poking the brain of CISO expert David Gee to deliver you some insights which line up nicely with his new book: A Day in the Life of a CISO. We’ve also included our popular PDF resource again, to help you improve your training sessions and help the non-specialists amongst us to make the right moves in the age of AI. Check it out! If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there! Cheers!

This week’s article

Unit 42 on non-phishing vectors

Recently, along with a wealth of other industry-critical information and resources, Palo Alto’s Unit 42 published their incident response report concerning social engineering. As an area of practice that has always fascinated me—as more art than science—this immediately grabbed my attention and almost forced me to start taking notes. With this in mind, we as a team are heading out over the next few weeks to dig deeper into social engineering and help you discern the golden kernels that you need to access.

News Bytes

Unit 42 Threat Bulletin – October 2025: Published 21 October 2025, this monthly bulletin by Unit 42 (the threat-research arm of Palo Alto Networks) surfaces multiple emerging threats. Highlights include the self-propagating supply-chain worm “Shai-Hulud”, an advanced supply-chain attack targeting npm packages; detailed technical IOCs; and the spotting of a new Chinese-nexus APT, “Phantom Taurus”, targeting government/telecom across Africa/Middle East/Asia.

PacketWatch Cyber Threat Intelligence Report: Crafted by the Intelligence Team and published 20 October 2025, this bi-weekly briefing highlights: (a) the major breach incident at F5 Networks (source code + undisclosed vulnerabilities); (b) a list of critical and high-severity vulnerabilities across major platforms (Oracle, Microsoft, Veeam, SAP, 7-Zip, Ivanti); and (c) a renewed emphasis on user-targeted attacks such as credential phishing, fake CAPTCHA software, and fake downloads.

Disrupting malicious uses of AI (PDF): Released by OpenAI, this October 2025 update details how threat actors are increasingly leveraging multiple AI tools (e.g., using one model for planning and another for execution) and integrating AI into existing cyber-attack workflows, rather than inventing wholly new attack methods. The report also gives case studies of misuse (scams, code-signing abuse, social engineering) and how defence and detection are adapting.

Microsoft Digital Defense Report 2025: Lighting the path to a secure future (PDF): Published by Microsoft on 21 October 2025, this annual-style report provides their threat intelligence view: a major uptick in AI-enabled adversary operations, increasing geopolitical cyber-conflict, supply chain risk, and the imperative for defenders to rethink traditional security models given the speed and scale of modern attacks.