Tag: jobs
-
How botnet-driven DDoS attacks evolved in 2H 2025
Tags: ai, attack, botnet, dark-web, ddos, defense, dns, finance, government, group, infrastructure, intelligence, international, Internet, iot, jobs, law, LLM, mitigation, network, resilience, risk, service, strategy, tactics, threat, tool, usa, vulnerabilityMassive attack capacity: Demonstration attacks peaked at 30Tbps and 4 gigapackets per second, primarily launched by Internet of Things (IoT) botnets such as Aisuru and TurboMirai variants.AI integration: The use of AI, including dark-web large language models (LLMs), moved from emerging trend to operational reality, making sophisticated attacks accessible to a wider range of threat actors.Persistent threat…
-
Hackhire spyware campaign targets journalists in Middle East, North Africa
Access Now, Lookout and SMEX joined research forces to find a campaign involving suspected Indian government-connected group Bitter, ProSpy spyware and more. First seen on cyberscoop.com Jump to article: cyberscoop.com/hack-for-hire-spyware-campaign-targets-journalists-in-middle-east-north-africa/
-
Masjesu Botnet Emerges as DDoSHire Service Targeting Global IoT Devices
Cybersecurity researchers have lifted the curtain on a stealthy botnet that’s designed for distributed denial-of-service (DDoS) attacks.Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It’s capable of targeting a wide range of IoT devices, such as routers and gateways, spanning multiple architectures.”Built for First…
-
Masjesu Botnet Targets Routers in Commercial DDoS Attacks
Hackers are abusing the Masjesu botnet to run high-volume DDoS-for-hire attacks against routers, gateways, and other exposed IoT infrastructure, turning everyday network hardware into commercial attack firepower. Operating quietly since early 2023 and still active in 2026, Masjesu (also known as XorBot) shows how mature, stealth-focused botnets are reshaping the DDoS marketplace. Masjesu is a commercially run…
-
The tabletop exercise grows up
would do. They do not do it.Every experienced facilitator knows the moment: someone in the room challenges the premise and the facilitator asks participants to “suspend disbelief.” That phrase should give us pause. If the scenario requires suspension of disbelief, it is not building preparedness. It is building familiarity with a document.The gap between documentation…
-
Fake-Jobs als Cyber-Falle: So trickst NICKEL ALLEY Entwickler aus
Die nordkoreanische Hackergruppe NICKEL ALLEY nutzt gefälschte Jobangebote, um Entwickler zu täuschen. Ihr Ziel sind Kryptowährungen und sensible Unternehmensdaten. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/fake-jobs-nickel-alley
-
Hackergruppe Nickel Alley täuscht IT-Experten mit gefälschten Jobs
Die nordkoreanische Hackergruppe Nickel Alley setzt ihre perfiden ‘Contagious Interview”-Kampagnen fort: Mit gefälschten LinkedIn-Unternehmensprofilen, fingierten Jobangeboten und manipulierten Github-Repositorien lockt sie gezielt Softwareentwickler in die Falle. Das Ziel: Die Installation des gefährlichen <> einem Remote-Access-Trojaner, der nicht nur Kryptowährungen stiehlt, sondern auch den Weg für Industriespionage und Supply-Chain-Angriffe ebnet. Die Masche: Fake-Jobs, […] First seen…
-
The noisy tenants: Engineering fairness in multi-tenant SIEM solutions
Tags: ai, apache, api, cloud, compliance, control, crowdstrike, data, defense, detection, edr, endpoint, fedramp, finance, framework, incident response, infrastructure, intelligence, jobs, login, microsoft, monitoring, risk, saas, security-incident, service, siem, soc, software, strategy, threat, tool, update, vulnerability24/7/365 SOC monitoring: Round-the-clock coverage backed by global experts to validate and prioritize alerts.Proactive threat hunting: Active searches for hidden threats rather than just waiting for automated triggers.AI and machine learning integration: Leveraging everything from basic anomaly detection to “Agentic AI” to reduce noise and accelerate investigations.Active incident response and containment: Capabilities to isolate endpoints…
-
Ten Great Cybersecurity Job Opportunities
Security Boulevard is now providing a weekly cybersecurity jobs report through which opportunities for cybersecurity professionals will be highlighted as part of an effort to better serve our audience. Our goal in these challenging economic times is to make it just that much easier for cybersecurity professionals to advance their careers. Of course, the pool..…
-
Watch this video of how a job interviewer exposes a North Korean fake IT worker
An apparent North Korean worker was caught visibly stumped during a remote job interview when asked to insult the country’s leader. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/06/watch-this-video-of-how-a-job-interviewer-exposes-a-north-korean-fake-it-worker/
-
Neuer Job als Fachgebietsleiter*in IT-Governance gesucht? Schau dir unsere Top Jobs an
First seen on t3n.de Jump to article: t3n.de/news/unsere-jobs-der-woche-1175973/
-
That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords
We uncovered two job scams posing as legitimate offers from Coca-Cola and Ferrari that could pry into Google and Facebook accounts. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/that-dream-job-offer-from-coca-cola-or-ferrari-its-a-trap-for-your-passwords/
-
Zunehmende technische Eskalation bei DDoS-Angriffen in der DACH-Region
Der neue NETSCOUT DDoS Threat Intelligence Report zeigt eine dramatische Verschärfung der Cyberbedrohungslage durch hacktivistische Aktivitäten und die Nutzung von DDoS-Attacken als präzisionsgelenkte Waffen mit geopolitischem Einfluss: In der zweiten Jahreshälfte 2025 wurden weltweit mehr als acht Millionen DDoS-Angriffe registriert [1]. Besonders auffällig ist der Druck auf kritische Infrastrukturen, ausgelöst durch Hacktivisten, DDoS-for-hire-Dienste und Botnetze….…
-
‘Uncle Larry’s biggest fan’ cut by email in early morning Oracle layoff spree
WARN filings in two states show 1,000+ layoffs, but wider cuts remain unconfirmed First seen on theregister.com Jump to article: www.theregister.com/2026/04/01/laidoff_oracle_workers/
-
Oracle cuts jobs across sales, engineering, security
Big Red declines comment as reports point to layoffs in the thousands First seen on theregister.com Jump to article: www.theregister.com/2026/03/31/oracle_cuts_jobs/
-
New North Korean AI Hiring Scheme Targets US Companies
North Korean operatives are using AI-generated resumes and stolen identities to infiltrate US companies, turning hiring pipelines into a new attack vector. The post New North Korean AI Hiring Scheme Targets US Companies appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-north-korean-ai-hiring-scheme-us-companies/
-
AI SOC Firm Tenex Raises $250M to Drive Faster Response
Founder and CEO Eric Foster Wants to Reduce Dwell Time and Scale Engineering Teams. Tenex plans to use its $250 million Series B funding to expand its AI-driven SOC platform and hire hundreds of engineers. The company aims to improve alert coverage, automate response and reduce attacker dwell time while maintaining human oversight for complex…
-
How we made Trail of Bits AI-native (so far)
Tags: access, ai, application-security, attack, automation, blockchain, business, ceo, chatgpt, computer, computing, conference, control, data, email, germany, government, identity, injection, jobs, macOS, marketplace, nvidia, open-source, risk, service, skills, strategy, supply-chain, technology, threat, tool, vulnerabilityThis post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides. Most companies hand out ChatGPT licenses and wait for the productivity numbers to move. We built a system instead.…
-
6 key takeaways from RSA Conference 2026
Tags: ai, api, attack, ceo, cio, ciso, compliance, conference, control, cyber, cybersecurity, data, framework, google, governance, government, identity, infrastructure, injection, intelligence, jobs, LLM, office, RedTeam, regulation, risk, saas, service, technology, threat, tool, trainingSecuring the AI stack: Yes, but the threat surface has grown: The first technical priority I offered for CISOs in my conference preview was securing the AI stack, RAG workflows, LLM data pipelines, vector databases, and model APIs, on the basis that prompt injection, training data poisoning, and model inversion attacks were no longer theoretical.The…
-
Insider Threats Rise with North Korean AI Hiring Fraud Schemes
AI hiring fraud lets attackers bypass screening and gain insider access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/insider-threats-rise-with-north-korean-ai-hiring-fraud-schemes/
-
North Korean IT Worker Used Stolen Identity, AI-Generated Resume in Job Scam
Tags: ai, breach, cyber, data-breach, fraud, identity, intelligence, jobs, north-korea, scam, threatA recent investigation as exposed how a suspected North Korean IT worker allegedly used a stolen identity, AI-generated resume content, and scripted interview answers to try to secure a senior remote role at U.S.-based threat intelligence firm Nisos. The case highlights how DPRK IT employment schemes are evolving by combining traditional fraud with modern AI…
-
ShipSec Studio brings open-source workflow orchestration to security operations
Security teams have long relied on a mix of shell scripts, cron jobs, and loosely connected tools to chain reconnaissance and vulnerability scanning work together. ShipSec … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/shipsec-studio-security-workflow-automation-platform/
-
Identity is the first line of defense, especially in an AI-fueled threat landscape
Two new reports illustrate why companies need to do a better job of scrutinizing what their human employees and AI agents are doing. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/identity-governance-ai-cybersecurity/815964/
-
8 steps CISOs can take to empower their teams
Once when we were rolling out a well-known EDR tool, I knew the settings weren’t tight enough, nor were the received updates applied fast enough. So I asked two people to own this, come up with suggestions for tightening the screws, and guarantee a successful rollout on multiple OSes in parallel. The phased approach took…
-
Pentagon Piloting Skills-Based Assessments for Cyber Workers
Proponents Favor Performance Tests Over Certs. The U.S. Department of Defense is for the first time piloting new skills-based assessments for its cyber hiring as an alternative to checking paper qualifications. Many certificates, officials say, don’t reflect the skills their cyber teams need in the real world. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/pentagon-piloting-skills-based-assessments-for-cyber-workers-a-31222
-
Phishers Pose as Palo Alto Networks’ Recruiters for Months in Job Scam
A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/phishers-pose-palo-alto-networks-recruiters-job-scam
-
Scam compounds hiring >>AI models<< to seal the deal in deepfake video calls
Forced labor doesn’t play well on camera, so scam compounds are hiring women to deepfake their faces on video calls. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/scam-compounds-hiring-ai-models-to-seal-the-deal-in-deepfake-video-calls/
-
New ‘StoatWaffle’ malware auto”‘executes attacks on developers
Tags: attack, detection, group, infrastructure, jobs, korea, malicious, malware, north-korea, threatContagious Interview, revisited: StoatWaffle isn’t an isolated campaign. It’s the latest chapter in the Contagious Interview attacks, widely attributed to North Korea-linked threat actors tracked as WaterPlum.Historically, this campaign has targeted developers and job seekers through fake interview processes, luring them into running malicious code under the guise of technical assessments. Previously, the campaign weaponized…
-
Google Forms Job Scam Spreads PureHVNC Malware
A newly observed malware campaign is leveraging trusted platforms like Google Forms to distribute the PureHVNC Remote Access Trojan (RAT), marking a shift in how attackers initiate infections. Rather than relying on traditional phishing emails or malicious websites, threat actors are using business-themed lures such as job interviews, project proposals, and financial documents to trick…
-
AI Governance in 2026: Why Staying Current Is No Longer Optional for Your Business
AI Governance in 2026: Why Staying Current Is No Longer Optional for Your Business You deployed an AI tool to screen job applicants six months ago. Maybe you used ChatGPT to draft customer communications. Perhaps your product team quietly integrated a third-party AI into your SaaS platform. Each of these decisions, made quickly, in the…The…