Tag: jobs
-
Telegram rises to top spot in job scam activity
Encrypted messaging platforms are becoming a primary channel for Authorised Push Payment (APP) fraud, with Telegram representing a growing share of reported cases, according … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/26/telegram-job-scams-activity/
-
Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
A “coordinated developer-targeting campaign” is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines.”The activity aligns with a broader cluster of threats that use job-themed lures to blend into routine developer workflows and increase the likelihood of code First seen…
-
The farmers and the mercenaries: Rethinking the ‘human layer’ in security
Tags: access, attack, authentication, awareness, ciso, control, cybersecurity, defense, detection, intelligence, jobs, monitoring, risk, soc, threat, tool, trainingThe evidence is already in: This isn’t a theoretical complaint, it shows up in research on how real SOCs work. A study by the University of Oxford based on surveys and interviews with SOC practitioners found they “confirmed the high” false-positive rates of tools in use, and that many “false positives” are actually benign triggers…
-
Fake Next.js job interview tests backdoor developer’s devices
The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, including recruiting coding tests. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-nextjs-job-interview-tests-backdoor-developers-devices/
-
US cybersecurity agency CISA reportedly in dire shape amid Trump cuts and layoffs
Under the first year of the Trump administration, the U.S. cyber agency CISA has faced cuts, layoffs, and furloughs, as bipartisan lawmakers and cybersecurity industry sources say the agency is unprepared to handle a crisis. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/25/us-cybersecurity-agency-cisa-reportedly-in-dire-shape-amid-trump-cuts-and-layoffs/
-
Discord puts global age verification policy on hold after backlash
Tags: jobsIn responding to pushback about Discord’s impending age verification policy, co-founder Stanislav Vishnevskiy said the platform “failed at our most basic job: clearly explaining what we’re doing and why. That’s on us.” First seen on therecord.media Jump to article: therecord.media/discord-age-verification-policy-on-hold-after-backlash
-
Malicious Next.js Repos Target Developers Via Fake Job Interviews
Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent access to infected machines. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/malicious-nextjs-repos-developers-fake-job-interviews
-
Microsoft execs worry AI will eat entry level coding jobs
Russinovich and Hanselman say firms must train juniors to fix agent mistakes not replace them with prompts First seen on theregister.com Jump to article: www.theregister.com/2026/02/23/microsoft_ai_entry_level_russinovich_hanselman/
-
Korean cops charge teens over bike hire breach that exposed data on 4.62M riders
Public prosecutor mulls sentencing following investigations into two separate attacks First seen on theregister.com Jump to article: www.theregister.com/2026/02/24/korean_bike_breach_charges/
-
Deserialization Flaw in Ruby Workers That Could Enable Full Compromise
A severe Remote Code Execution (RCE) vulnerability has been identified in RubitMQ job workers, stemming from unsafe JSON deserialization practices. The issue arises not from memory corruption or complex undefined behavior, but from design-level trust assumptions regarding how data is processed in Ruby background systems. Security researcher NullSecurityX has demonstrated that this flaw allows attackers…
-
It’s time to rethink CISO reporting lines
Tags: ai, business, ceo, cio, ciso, control, cyber, data, governance, infrastructure, jobs, risk, threat, vulnerabilityWhat’s in a reporting line?: Aaron Painter, CEO of security vendor Nametag, contends that reporting structures often mean less than the respect the CISO is granted.Painter is “less dogmatic about where the CISO reports and more focused on whether they actually have a seat at the table,” he says.”Org charts matter far less than influence,”…
-
North Korean Hackers Exploit Fake IT Worker Schemes and Malicious Interview Lures
North Korean state-backed hackers are running large-scale fake IT worker and “Contagious Interview” campaigns that abuse developer hiring workflows to deliver JavaScript-based malware, steal code and credentials, and covertly generate revenue for the regime. Since at least 2022, North Korean threat actors have impersonated recruiters and hiring managers, luring software developers into executing booby-trapped code…
-
How to Spot a North Korean Job Candidate
Prompt Candidates to Wave, Check IP Addresses and Ask About Their Supposed Location. They’re young, tech-savvy and often the most productive remote worker on the team. They’re a major security risk numbering in the thousands that a multitude of Fortune 500 companies have unwittingly ushered into their network. They are North Korean IT workers. First…
-
Ukrainian man jailed for identity theft that helped North Koreans get jobs at US companies
A Ukrainian man has been sentenced for helping North Koreans gain fraudulent employment at dozens of U.S. companies and funnel that money back to the regime to fund its nuclear weapons program. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/20/ukrainian-man-jailed-for-identity-theft-that-helped-north-koreans-get-jobs-at-us-companies/
-
Ukrainian gets five years for helping North Koreans secure US tech jobs
Polish arrest leads to extradition and federal prison sentence First seen on theregister.com Jump to article: www.theregister.com/2026/02/20/north_korean_it_worker_prison/
-
Neuer Job als Data Automation Specialist gesucht? Schau dir unsere Top Jobs an
First seen on t3n.de Jump to article: t3n.de/news/unsere-jobs-der-woche-1175973/
-
Threat Actors Using Fake Google Forms Site to Harvest Google Logins
A new phishing campaign in which threat actors are using a convincing fake version of Google Forms to steal Google account credentials. Cybercriminals are once again exploiting a trusted brand Google to trick job seekers and steal their credentials. The campaign’s malicious URLs all followed a similar structure: forms.google.ss-o[.]com/forms/d/e/{unique_id}/viewform?form=opportunitysecpromo= At first glance, these links appear…
-
Shadow Machines: The Non-Human Identities Exposing Your Cloud AI Stack
Tags: access, ai, api, authentication, automation, business, cloud, compliance, container, control, credentials, data, encryption, framework, governance, iam, identity, infrastructure, iot, jobs, login, mfa, password, risk, risk-management, saas, service, software, strategy, supply-chain, toolShadow Machines: The Non-Human Identities Exposing Your Cloud & AI Stack madhav Thu, 02/19/2026 – 06:30 The machines we don’t see are the ones running our businesses. Unfortunately, most IAM systems do not track them. In an ironic twist, the ghost in the machine has become the machine itself: invisible, autonomous, and increasingly beyond human…
-
From in-house CISO to consultant. What you need to know before making the leap
Tags: advisory, best-practice, business, ciso, compliance, control, cybersecurity, framework, jobs, resilience, risk, service, skills, toolSkills that carry over into consulting: Many of the skills CISOs honed inside large organizations translate directly to the new consulting job, while others suddenly matter more than they ever did before. In addition to technical skills, it is often the practical ones that prove most valuable.The ability to prioritize, sharpened over years in a…
-
From in-house CISO to consultant. What you need to know before making the leap
Tags: advisory, best-practice, business, ciso, compliance, control, cybersecurity, framework, jobs, resilience, risk, service, skills, toolSkills that carry over into consulting: Many of the skills CISOs honed inside large organizations translate directly to the new consulting job, while others suddenly matter more than they ever did before. In addition to technical skills, it is often the practical ones that prove most valuable.The ability to prioritize, sharpened over years in a…
-
Job scam uses fake Google Forms site to harvest Google logins
Phishers are using fake Google Forms pages hosted on lookalike domains to trick job seekers into handing over their Google credentials. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/job-scam-uses-fake-google-forms-site-to-harvest-google-logins/
-
With CISOs stretched thin, re-envisioning enterprise risk may be the only fix
Tags: access, ai, application-security, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, fraud, governance, grc, group, identity, infrastructure, jobs, monitoring, privacy, RedTeam, risk, soc, supply-chain, vulnerabilityStructural changes necessary: Flavio Villanustre, CISO for the LexisNexis Risk Solutions Group, says many organizations have already made the structural changes necessary to address the rising importance, and specialization, of cybersecurity and risk functions.”The breadth and depth of information security and cybersecurity have increased so significantly over the past two decades that it drove a…
-
Was CISOs über OpenClaw wissen sollten
Tags: ai, api, authentication, browser, bug, chrome, ciso, cloud, crypto, cyberattack, ddos, DSGVO, firewall, gartner, github, intelligence, Internet, jobs, linkedin, LLM, malware, marketplace, mfa, open-source, risk, security-incident, skills, software, threat, tool, update, vulnerabilityLesen Sie, welches Sicherheitsrisiko die Verwendung von OpenClaw in Unternehmen mit sich bringt.Das neue Tool zur Orchestrierung persönlicher KI-Agenten namens OpenClaw früher Clawdbot, dann Moltbot genannt erfreut sich aktuell großer Beliebtheit. Die Open-Source-Software kann eigenständig und geräteübergreifend arbeiten, mit Online-Diensten interagieren und Workflows auslösen kein Wunder, dass das Github-Repo in den vergangenen Wochen Millionen von…
-
Noodlophile Malware Authors Use Fake Job Ads and Phishing Schemes to Evolve Tactics
Hey folks in the threat”‘hunting world looks like our coverage of the Noodlophile infostealer has struck a nerve with its creators. The operators used inflated engagement metrics and fake popularity scores to lure victims into downloading malicious ZIP archives. Once executed, these payloads quietly harvested user credentials, crypto”‘wallet data, browser information, and more all exfiltrated through Telegram…
-
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign
Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researcher uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected…
-
Neuer Job als IT Application Engineer gesucht? Schau dir unsere Top Jobs an
Tags: jobsFirst seen on t3n.de Jump to article: t3n.de/news/unsere-jobs-der-woche-1175973/
-
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-job-recruiters-hide-malware-in-developer-coding-challenges/