Tag: linkedin
-
LINKEDIN BROWSERGATE
BrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (browsergate.eu/), an association of commercial LinkedIn users, which documents what it describes as one of the largest data breach and corporate espionage scandals in digital history. The central thesis:…
-
LINKEDIN BROWSERGATE
BrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (browsergate.eu/), an association of commercial LinkedIn users, which documents what it describes as one of the largest data breach and corporate espionage scandals in digital history. The central thesis:…
-
Two MDO field reports every IT security lead should read
<div cla Tyler Swinehart, Director of Global IT & Security at IRONSCALES, has been publishing the kind of LinkedIn pieces I wish more practitioners would write. No vendor angle. No positioning. Just “here’s what I learned the hard way operating this thing in production, and here’s what nobody told me until it was too late.”…
-
AI job scams are booming and I was fooled by one. Here is how to avoid them
Fraudsters are using the promise of fake roles to trick job-seekers out of money, personal information or both, and with the help of AI they are more convincing than ever. But there are ways to spot themThere were clues from the start that it was too good to be true. A headhunter emailed me with…
-
Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic
Tags: ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisa, cloud, compliance, container, control, cve, cvss, cyber, cybersecurity, data, data-breach, endpoint, exploit, fedramp, finance, flaw, framework, governance, group, HIPAA, identity, injection, insurance, kev, law, linkedin, linux, LLM, macOS, network, PCI, risk, service, soc, software, strategy, technology, threat, update, vulnerability, vulnerability-management, windows, zero-day, zero-trustWith the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare. Key takeaways Anthropic announced Claude Mythos Preview, its most powerful general-purpose frontier…
-
Hackers Exploit Obsidian Plugin to Deploy Cross-Platform Malware
Hackers are abusing Obsidian’s Shell Commands plugin and shared cloud vaults to deliver a new cross”‘platform malware chain that ends with the PHANTOMPULSE remote access trojan. Attackers pose as a venture capital firm targeting financial and cryptocurrency professionals, first engaging over LinkedIn and then moving conversations to Telegram group chats with multiple fake “partners” to…
-
BITTER APT Uses Signal, Google, and Zoom Lures to Spread ProSpy Spyware
BITTER APT spreads ProSpy and ToSpy via Signal, Google, and Zoom lures, targeting journalists through LinkedIn and iMessage spearphishing. First seen on hackread.com Jump to article: hackread.com/bitter-apt-signal-google-zoom-prospy-spyware/
-
Missbrauch als Einfallstor für Cyberangriffe mittels KI-Automatisierung
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/linkedin-missbrauch-einfallstor-cyberangriffe-ki-automatisierung
-
Wie LinkedIn in 30 Minuten zum maschinenlesbaren Beutezug für Hacker wird
Frei verfügbare Posts und Bilder von Mitarbeitern auf LinkedIn liefern dank modernster OSINT-Automatisierung alle Details für täuschend echte Angriffe auf Kernprozesse aller Unternehmen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/linkedin-hacker
-
Questions raised about how LinkedIn uses the petabytes of data it collects
CSOonline. “We do disclose that we scan for browser extensions in our privacy policy, in order to detect abuse and provide defense for site stability.” When asked whether it uses that data solely to do those things, LinkedIn did not reply. The key person behind the allegations calls himself Steven Morrell (not his legal name, which…
-
Smashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing
LinkedIn has been secretly scanning your browser for over 6,000 installed extensions, on every single click you make. It can tell if you’re job hunting, what religion you are, and whether you have ADHD. And none of this is mentioned anywhere in their privacy policy. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-462/
-
Hackers exploit a critical Flowise flaw affecting thousands of AI workflows
Tags: access, ai, authentication, container, cve, data, data-breach, docker, exploit, flaw, hacker, injection, intelligence, linkedin, network, update, vulnerabilityHackers exploit unpatched instances: While a patch has been available for months, a recent VulnCheck finding places the first in-the-wild exploitation on April 6. Caitlin Condon, VP of Security Research at the vulnerability intelligence company, warned of the abuse through a LinkedIn post.”Early this morning, VulnCheck’s Canary network began detecting first-time exploitation of CVE-2025-59528, an…
-
Hackergruppe Nickel Alley täuscht IT-Experten mit gefälschten Jobs
Die nordkoreanische Hackergruppe Nickel Alley setzt ihre perfiden ‘Contagious Interview”-Kampagnen fort: Mit gefälschten LinkedIn-Unternehmensprofilen, fingierten Jobangeboten und manipulierten Github-Repositorien lockt sie gezielt Softwareentwickler in die Falle. Das Ziel: Die Installation des gefährlichen <> einem Remote-Access-Trojaner, der nicht nur Kryptowährungen stiehlt, sondern auch den Weg für Industriespionage und Supply-Chain-Angriffe ebnet. Die Masche: Fake-Jobs, […] First seen…
-
Sophos deckt gefälschte Jobangebote auf Karrierenetzwerken auf
Auf den ersten Blick wirkt alles seriös: Professionell gestaltete LinkedIn-Profile, glaubwürdige Unternehmensauftritte und scheinbar legitime GitHub-Repositories. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-deckt-gefaelschte-jobangebote-auf-karrierenetzwerken-auf/a44511/
-
BrowserGate: LinkedIn Tracks 6,000+ Browser Extensions on Users’ PCs
LinkedIn is accused in the BrowserGate report of tracking 6,000+ browser extensions on users’ PCs, raising concerns over privacy and data collection practices. First seen on hackread.com Jump to article: hackread.com/browsergate-linkedin-track-browser-extensions-user-pc/
-
UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles
North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages. First seen on hackread.com Jump to article: hackread.com/unc1069-node-js-maintainer-fake-linkedin-slack-profile/
-
UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles
North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages. First seen on hackread.com Jump to article: hackread.com/unc1069-node-js-maintainer-fake-linkedin-slack-profile/
-
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/linkedin-secretly-scans-for-6-000-plus-chrome-extensions-collects-data/
-
LinkedIn Hidden Code Secretly Scans Users’ Computers for Installed Software
A new investigation by Fairlinked e.V. claims that Microsoft-owned LinkedIn is running a massive, undisclosed corporate surveillance operation. According to the >>BrowserGate<< report, hidden code on LinkedIn's website secretly scans the computers of its one billion users to detect installed software and browser extensions. This scanning reportedly happens without user consent, disclosure, or any mention…
-
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/linkedin-secretely-scans-for-6-000-plus-chrome-extensions-collects-data/
-
LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
A LinkedIn phishing scam uses fake notifications and lookalike domains to steal credentials, hijack accounts, and access sensitive professional data. First seen on hackread.com Jump to article: hackread.com/linkedin-phishing-scam-fake-notificatioms-hijack-accounts/
-
LinkedIn-Phishing: Fake-Nachrichten greifen Zugangsdaten ab
Eine neue Phishing-Kampagne nutzt täuschend echte LinkedIn-Benachrichtigungen, um Nutzer auf gefälschte Login-Seiten zu locken. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/linkedin-phishing
-
Linkedin & Persona: In drei Minuten in den Datenschutz-Wahnsinn
Tags: linkedinIch habe meine Identität auf Linkedin verifiziert. Hier erzähle ich, was ich preisgegeben habe, nur um ein blaues Häkchen zu bekommen. First seen on golem.de Jump to article: www.golem.de/news/linkedin-persona-in-drei-minuten-in-den-datenschutz-wahnsinn-2603-206707.html
-
Phishers Pose as Palo Alto Networks’ Recruiters for Months in Job Scam
A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/phishers-pose-palo-alto-networks-recruiters-job-scam
-
Your MFA isn’t broken, it’s being bypassed, and your employees can’t tell the difference
Three failures that keep showing up: Through my research into adversary-in-the-middle attacks and reviewing industry incident reports, I have identified three consistent failures that make these attacks successful. 1. We trained our people for the wrong threat Most security awareness programs still teach the same things: Look for misspellings, check the sender address, hover over…
-
Your MFA isn’t broken, it’s being bypassed, and your employees can’t tell the difference
Three failures that keep showing up: Through my research into adversary-in-the-middle attacks and reviewing industry incident reports, I have identified three consistent failures that make these attacks successful. 1. We trained our people for the wrong threat Most security awareness programs still teach the same things: Look for misspellings, check the sender address, hover over…
-
Anton’s Vibe Coding Experience: A Reflection on Risk Decisions
Tags: access, ai, application-security, authentication, business, compliance, corporate, credentials, data, google, linkedin, LLM, risk, toolLook, I’m not a developer, and the last time I truly “wrote code” was probably a good number of years ago (and it was probably Perl so you may hate me). I am also not an appsec expert (as I often remind people). Below I am describing my experience “vibe coding” an application. Before I go…
-
Big Tech Unites: Industry Giants Sign Global Accord to Combat AI-Driven Scams
In a rare display of unified defense, eight of the world’s most powerful technology firms have signed a landmark pact to disrupt the global scam networks currently siphoning billions of dollars from consumers. The Online Services Accord Against Scams signed by Google, Amazon.com Inc., Microsoft Corp., Meta Platforms Inc., OpenAI, LinkedIn, Adobe Inc., and Match..…
-
USENIX Security ’25 (Enigma Track) Security Theater Is Canceled: Time For A Real Show
Tags: linkedinAuthor, Creator & Presenter: Lea Kissner, LinkedIn Our thanks to USENIX Security ’25 (Enigma Track) (USENIX ’25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security ’25 (Enigma Track) content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/usenix-security-25-enigma-track-security-theater-is-canceled-time-for-a-real-show/