Collecting Cyber-News from over 60 sources

Tag: jobs

North Korean fake IT worker tradecraft exposed

Mar 12, 2026 11:10 AM

Tags: access, ai, banking, breach, china, crypto, data-breach, defense, detection, finance, fintech, fraud, gitlab, group, identity, infection, intelligence, jobs, malicious, malware, mobile, north-korea, programming, scam, service, skills, software, tactics, threat, tool

Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations.”Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
Fake job applications pack malware that kills endpoint detection before stealing data

Mar 11, 2026 3:47 PM

Tags: data, defense, detection, endpoint, jobs, malware, russia

Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses First seen on theregister.com Jump to article: www.theregister.com/2026/03/10/malware_targeting_hr/
BlackSanta Malware Targets HR Staff with Fake CV Downloads

Mar 11, 2026 1:49 PM

Tags: attack, group, hacker, jobs, malware, russia, threat

Aryaka researchers have identified a new threat from a Russian-speaking group using ‘BlackSanta’ malware. By disguising attacks as job applications, hackers are bypassing security to target recruitment workflows. First seen on hackread.com Jump to article: hackread.com/blacksanta-malware-hr-staff-fake-cv-downloads/
Announcing the 2026 CSO Hall of Fame honorees

Mar 11, 2026 11:46 AM

Tags: ai, ceo, cio, ciso, corporate, cyber, cybersecurity, finance, google, group, infrastructure, international, jobs, resilience, risk, risk-management, sans, technology

Selim Aissi, CEO & CSO, AGARobert S. Allen, Global CISO & Responsible AI Officer, GallagherMohit Chanana, CISO, Chevron Phillips ChemicalEdna Conway, Chief Operations & Risk Officer, TPO GroupJuan Gomez-Sanchez, VP, Cyber Resilience, McLane Company, Inc.Gary Harbison, Global CISO, Johnson & JohnsonMalcolm Harkins, Chief Security & Trust Officer, HiddenLayerBarry Hensley, CSO, Brown & BrownShaun Khalfan, SVP,…
HR Departments Targeted by Multi-Layered BlackSanta EDR Killer Malware

Mar 11, 2026 7:47 AM

Tags: attack, cloud, cyber, edr, jobs, malware, threat

Threat actors are increasingly targeting human resources (HR) departments by disguising malware as job application documents. The attack begins with what appears to be a legitimate job application. HR professionals receive a resume hosted on a well-known cloud storage platform, making the file seem trustworthy. The candidate profile looks realistic and relevant to open positions,…
Jack & Jill went up the hill, and an AI tried to hack them

Mar 11, 2026 5:48 AM

Tags: access, ai, attack, authentication, data, email, endpoint, exploit, hacking, injection, jobs, phishing, RedTeam, service, social-engineering, strategy, tool, vulnerability

get_or_create_company” endpoint that determines from a user’s email domain whether it should create a new company on the platform or associate them with an existing company to auto-join CodeWall’s account. Thanks to the bug that failed to check user roles when onboarding, it then obtained full org admin privileges and was able to access team…
Jack & Jill went up the hill, and an AI tried to hack them

Mar 11, 2026 5:48 AM

Tags: access, ai, attack, authentication, data, email, endpoint, exploit, hacking, injection, jobs, phishing, RedTeam, service, social-engineering, strategy, tool, vulnerability

get_or_create_company” endpoint that determines from a user’s email domain whether it should create a new company on the platform or associate them with an existing company to auto-join CodeWall’s account. Thanks to the bug that failed to check user roles when onboarding, it then obtained full org admin privileges and was able to access team…
The Economic Argument: The Real Cost of Insecure APIs in the AI Era

Mar 10, 2026 3:48 PM

Tags: access, ai, api, application-security, attack, business, compliance, control, corporate, cybersecurity, data, defense, exploit, finance, flaw, framework, governance, identity, injection, international, jobs, malicious, privacy, regulation, risk, threat, tool, vulnerability

When cybersecurity teams talk about risk, they usually speak in technical terms like vulnerabilities, exploits, and attack vectors. But when they walk into the boardroom, they need to speak a different language. They need to speak about cost. In the era of AI, the cost of insecure APIs has shifted from a potential liability to…
Fake job applications pack malware that kills EDR before stealing data

Mar 10, 2026 3:48 PM

Tags: data, defense, edr, jobs, malware, russia

Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses First seen on theregister.com Jump to article: www.theregister.com/2026/03/10/malware_targeting_hr/
HR, recruiters targeted in year-long malware campaign

Mar 10, 2026 3:48 PM

Tags: attack, jobs, malware

An attack campaign targeting HR departments and job recruiters has been stealthily compromising systems, Aryaka researchers have discovered. By avoiding analysis environments … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/10/hr-recruiters-malware-resume/
LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities

Mar 10, 2026 2:47 PM

Tags: access, api, attack, authentication, breach, business, cloud, control, credentials, data, data-breach, email, exploit, flaw, google, group, guide, hacking, identity, infrastructure, injection, intelligence, jobs, leak, malicious, mitigation, monitoring, network, oracle, password, programming, service, sql, tool, unauthorized, update, vulnerability

Tenable Research revealed “LeakyLooker,” a set of nine novel cross-tenant vulnerabilities in Google Looker Studio. These flaws could have let attackers exfiltrate or modify data across Google services like BigQuery and Google Sheets. Google has since remediated all identified issues. We discovered and disclosed nine novel cross-tenant vulnerabilities in Google Looker Studio (formerly Data Studio).…
Fake LinkedIn Interview Used by Lazarus Hackers to Target AllSecure CEO

Mar 10, 2026 2:47 PM

Tags: ceo, deep-fake, group, hacker, jobs, lazarus, linkedin, north-korea, technology

Researchers at AllSecure have revealed how North Korean hackers from the Lazarus Group used a fake LinkedIn job interview and deepfake technology to target their CEO. First seen on hackread.com Jump to article: hackread.com/fake-linkedin-interview-lazarus-hackers-allsecure-ceo/
Neuer Jobs als IT Governance Manager gesucht? Schau dir unsere Top Jobs an

Mar 7, 2026 1:47 PM

Tags: governance, jobs

First seen on t3n.de Jump to article: t3n.de/news/unsere-jobs-der-woche-1175973/
Neuer Jobs als IT Governance Manager gesucht? Schau dir unsere Top Jobs an

Mar 7, 2026 1:47 PM

Tags: governance, jobs

First seen on t3n.de Jump to article: t3n.de/news/unsere-jobs-der-woche-1175973/
TDL – Defense Before Offense: Leadership, Risk, and the Cost of Bad Decisions – Steven Elliott

Mar 7, 2026 12:48 AM

Tags: ai, apple, business, cctv, ceo, ciso, country, cyber, cybersecurity, data, defense, finance, guide, insurance, international, Internet, jobs, marketplace, metric, military, network, offense, organized, resilience, risk, service, software, strategy, switch, technology, threat, usa

From the Battlefield to the Boardroom: Lessons in Defense In the latest episode of The Defender’s Log, host David Redekop sits down with Steven Elliott, CFO of Adam Networks, to explore the surprising parallels between military operations, financial management, and cybersecurity. A Journey of Unpredictable Paths Elliott’s background is anything but linear. From a small…
North Korean agents using AI to trick western firms into hiring them, Microsoft says

Mar 6, 2026 6:47 PM

Tags: ai, breach, jobs, korea, microsoft, north-korea, programming, software, technology, tool

Firm says AI tools are masking identities of false applicants, who then funnel wages from remote IT jobs to North KoreaFake IT workers deployed by North Korea are using AI technology, including voice-changing tools, to trick western companies into hiring them, Microsoft has said.The US tech firm said a signature Pyongyang money-raising ruse is being…
Teenage hacker myth primed for a middle-age criminal makeover

Mar 6, 2026 10:47 AM

Tags: access, breach, business, corporate, crypto, cyber, cybercrime, cybersecurity, data, detection, extortion, finance, group, hacker, hacking, infrastructure, jobs, malware, network, penetration-testing, programming, ransomware, service, skills, software, technology, threat, vulnerability

Cybercrime cartels: Dray Agha, senior security operations manager at managed detection and response services firm Huntress, said the analysis illustrates that the “Hollywood image of a teenage lone wolf hacking for bragging rights” is vastly outdated since the threat landscape is dominated by “highly organised, profit-driven syndicates.””While young people may still engage in digital vandalism…
The 10-hour problem: How visibility gaps are burning out the SOC

Mar 4, 2026 8:51 PM

Tags: attack, cloud, cyber, data, intelligence, jobs, network, soc

An alert firesThe context is partialThe data is dispersedThe logs are incompleteThe analyst starts correlating manually This is the invisible cost of poor visibility.Every alert becomes a puzzle, and analysts become professional puzzle-solvers. But puzzles don’t scale. Not when attacks move faster than your reconstruction speed.The hidden cost of insufficient NAVThe Forrester study shows that…
Invisible Threats: Source Code Exfiltration in Google Antigravity FireTail Blog

Mar 4, 2026 3:48 PM

Tags: access, ai, attack, breach, exploit, google, injection, jobs, LLM, malicious, malware, mitre, network, phishing, social-engineering, threat

Mar 04, 2026 – Viktor Markopoulos – Invisible Threats: Source Code Exfiltration in Google Antigravity”TL;DR: We explored a known issue in Google Antigravity where attackers can silently exfiltrate proprietary source codeBy hiding malicious instructions inside seemingly empty C++ comments, threat actors can force the AI assistant to package up the developer’s code and send it to…
How to know you’re a real-deal CSO, and whether that job opening truly seeks one

Mar 4, 2026 8:47 AM

Tags: access, ai, breach, business, communications, compliance, control, cyber, data, data-breach, finance, framework, governance, incident response, infosec, insurance, jobs, metric, privacy, radius, risk, skills, strategy, threat, training, vulnerability

Striking the right balance of experience and responsibility: Mark G. McCreary, partner and chief AI and IT security officer at Boston-based legal firm Fox Rothschild LLP, has seen both extremes: security being completely sidelined and security professionals given excessive, unjustified authority.In some firms, a newly appointed CSO might be positioned as a gatekeeper without the…
Why workforce identity is still a vulnerability, and what to do about it

Mar 4, 2026 7:47 AM

Tags: authentication, identity, jobs, mfa, vulnerability

Most organizations believe they have workforce identity under control. New hires are verified. Accounts are provisioned. Multi-factor authentication is enforced. Audits are … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/workforce-identity-assurance/
Jetzt Staats-CISO werden für unter 160.000 Euro

Mar 3, 2026 3:47 PM

Tags: ciso, cloud, communications, compliance, cyber, cybersecurity, cyersecurity, DSGVO, framework, governance, government, ISO-27001, jobs, nist, risk

Das britische Government Communications Headquarters (GCHQ) in Cheltenham, England. GCHQEine aktuelle Stellenausschreibung sorgt in der Branche für Kopfschütteln. Sie legt nahe, dass manche hochrangigen Regierungsstellen offenbar nicht ganz mit der Realität des heutigen Cybersecurity-Arbeitsmarktes Schritt halten. Dabei ist gut dokumentiert, dass weltweit erheblicher Bedarf an IT-Sicherheitsexperten besteht. Laut einer aktuellen Umfrage von ISC2 sind 33…
7 factors impacting the cyber skills gap

Mar 3, 2026 9:47 AM

Tags: ai, attack, automation, breach, business, ciso, control, cyber, cybercrime, cybersecurity, data, defense, detection, group, incident response, intelligence, jobs, risk, service, skills, strategy, technology, threat, tool, training, vulnerability

2. Emerging technologies: New technologies, particularly AI, are contributing to a cyber landscape that’s evolving so quickly it’s hard for even highly skilled cybersecurity professionals to pace, says Dan Lohrmann, CISO at enterprise strategy and consulting firm Presidio.AI-driven threats keep moving the target, allowing cybercriminals to attack with unprecedented levels of speed and agility, Lohrmann…
Ex-Nuance IT Worker Pleads Guilty in Geisinger Health Case

Mar 2, 2026 10:47 PM

Tags: communications, jobs

Fired Employee Illegally Downloaded 1M Patient Records. A former Nuance Communications IT worker has pleaded guilty in a criminal case that alleged he downloaded and stored on a personal hard drive containing 1.2 million patient records of a client, Geisinger Health, two days after he was terminated from his job in 2023. First seen on…
A scorecard for cyber and risk culture

Mar 2, 2026 11:47 AM

Tags: access, automation, awareness, breach, business, compliance, control, credentials, cyber, finance, governance, identity, jobs, metric, mitigation, phishing, risk, service, strategy, tool, training

When someone asks for an exception.When a change goes in late.When an alert fires at 2 a.m.When a junior analyst spots something odd and wonders if it’s worth escalating.When an executive wants speed, and the team wants safety. Ownership means people act like the risk is partly theirs. They don’t outsource judgment to “security.” They…
How CISOs can build a resilient workforce

Mar 2, 2026 8:46 AM

Tags: ai, automation, ciso, communications, cyber, cybersecurity, data, infrastructure, jobs, monitoring, network, risk, service, skills, soc, software, strategy, technology, threat, tool, training

Burnout leads to job dissatisfaction: Burnout is an ongoing concern for many CISOs and their teams, especially when unpredictable events can trigger workload spikes, burnout can escalate fast. “It’s something that can overwhelm pretty quickly,” Ford says.Industry surveys continue to flash red on persistent burnout that leads to job dissatisfaction. The ISC2 study found almost…
Jack Dorsey’s fintech outfit Block announces 40% layoffs, blames AI, gets 23% stock bump

Feb 28, 2026 5:37 PM

Tags: ai, fintech, jobs

One massive round of firings is apparently better for morale than a drip-drip-drip of death First seen on theregister.com Jump to article: www.theregister.com/2026/02/27/block_q4_2025_ai_layoffs/
‘Silent’ Google API key change exposed Gemini AI data

Feb 27, 2026 10:36 PM

Tags: access, ai, api, cloud, data, data-breach, google, jobs, mitigation, vulnerability

Mitigation: The first job for concerned site admins is to check in the GCP console for keys specifically allowing the Generative Language API. In addition, look for unrestricted keys, now identified by a yellow warning icon. Check if any of these keys are public.Exposed keys should all be rotated or ‘regenerated,’ with a grace period…
CISA replaces acting director after a bumbling year on the job

Feb 27, 2026 5:36 PM

Tags: cisa, cybersecurity, jobs

The U.S. cybersecurity agency’s acting director Madhu Gottumukkala will be replaced, after a year of cuts, layoffs, and staff reassignments, and allegations of security lapses and claims he struggled to lead the agency. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/27/cisa-replaces-acting-director-gottumukkala-after-a-bumbling-year-on-the-job/
Nordkoreanische Hacker locken Entwickler mit FakeInterviews

Feb 26, 2026 3:36 PM

Tags: hacker, jobs, social-engineering

Das nordkoreanische Hacker gerne einmal versuchen sich selbst als Entwickler anheuern zu lassen, um Unternehmen auszuspionieren ist inzwischen nichts neues mehr. Was aber neu ist, ist, dass sie versuchen Entwickler als Trittbrett auszunutzen. Nach Angaben von Forschern von Recorded Future nehmen sie ebenfalls gezielt Softwareentwickler mit Social-Engineering-Taktiken ins Visier. Eine als ‘PurpleBravo” bezeichnete Gruppe setzt…