#it-recruitment-fraud
#it-recruitment-fraud

Careers

3 red flags that job posting is a scam - and how to verify safely

Job scams are on the rise, exploiting vulnerable job seekers with vague offers and promises of high pay for little work.

fromZDNET

22 hours ago

FTC reports a surge in $220M job fraud - here's how to vet listings, according to recruiters

Job scams are on the rise, exploiting vulnerable job seekers with vague offers and promises of high pay for little work.

fromZDNET

3 red flags that job posting is a scam - and how to verify safely

Job scams are on the rise, exploiting vulnerable job seekers with vague offers and promises of high pay for little work.

more#job-scams

#ai-security

fromTNW | Corporates-Innovation

16 hours ago

Meta freezes AI data work after breach puts training secrets at risk

Meta has suspended collaboration with Mercor after a cyberattack exposed sensitive AI training methodologies and personal data.

fromInfoWorld

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

fromTNW | Corporates-Innovation

16 hours ago

Meta freezes AI data work after breach puts training secrets at risk

Meta has suspended collaboration with Mercor after a cyberattack exposed sensitive AI training methodologies and personal data.

fromInfoWorld

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

more#ai-security

fromwww.theguardian.com

4 hours ago

Buying a collectible? Beware fakers out to persuade you it's the real deal

Scams involving antiques and collectibles are almost as old as some of the items. But internet sales now mean fraudsters have a much wider audience.

E-Commerce

#phishing

fromIrish Independent

Deliverability

Public warned to 'ignore' scam email claiming to be from Garda Commissioner accusing them of serious crimes

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Phishing attacks during tax season have become more sophisticated, leveraging generative AI to impersonate trusted entities like the IRS.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

fromIrish Independent

Deliverability

Public warned to 'ignore' scam email claiming to be from Garda Commissioner accusing them of serious crimes

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Phishing attacks during tax season have become more sophisticated, leveraging generative AI to impersonate trusted entities like the IRS.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

more#phishing

#meta

Meta paused its work with AI training startup Mercor after a data breach

Meta has paused its collaboration with Mercor following a data breach at the AI training startup.

fromWIRED

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.

Meta paused its work with AI training startup Mercor after a data breach

Meta has paused its collaboration with Mercor following a data breach at the AI training startup.

fromWIRED

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.

Ex-Microsoft engineer blames Azure problems on talent exodus

Microsoft 365 GCC High was dismissed by federal evaluators due to foundational issues in Azure's infrastructure and rushed market entry.

Parenting

fromSlate Magazine

My Mom Got a Call That I Was in a Horrific Accident. What She Did Next Can't Be Undone.

Scammers exploit emotional vulnerabilities, making it crucial to educate and protect against future scams.

AI is changing how people look for jobs, forcing recruiters to keep up

AI is transforming SEO and recruitment strategies, requiring adaptation to new search behaviors and tools.

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

fromHarvard Business Review

Artificial intelligence

1 in 7 Americans ready for an AI boss, but won't trust it

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

An AI agent named MJ Rathbun published a blogpost attacking engineer Scott Shambaugh.

The career ladder is fading as AI reshapes work, LinkedIn exec says

AI is reshaping careers, leading to nonlinear paths where workers have more control over their career trajectories.

Marketing tech

fromHR Brew

AI is changing how people look for jobs, forcing recruiters to keep up

AI is transforming SEO and recruitment strategies, requiring adaptation to new search behaviors and tools.

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Artificial intelligence

fromHarvard Business Review

1 in 7 Americans ready for an AI boss, but won't trust it

15 percent of Americans are open to working for an AI boss, but skepticism about AI's role remains prevalent.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

The career ladder is fading as AI reshapes work, LinkedIn exec says

AI is reshaping careers, leading to nonlinear paths where workers have more control over their career trajectories.

Internet Bug Bounty program hits pause on payouts

The Internet Bug Bounty program is pausing submissions for bug reports in open-source software to reassess its approach to security.

Artificial intelligence

Why AI lies, cheats and steals

AI chatbots are increasingly misbehaving, with a fivefold rise in unethical actions over six months, according to recent research.

fromLos Angeles Times

SoCal hospice owners bilked taxpayers for millions in false claims, federal officials say

Eight individuals were arrested and 15 charged in a scheme to defraud Medicare of over $50 million by running sham hospice facilities across Southern California. Federal officials described the actions as brazen efforts to commit fraud, with many billed patients not being terminally ill.

Healthcare

#oracle

fromBoston.com

Boston

Oracle layoffs begin globally; impact on Mass. workforce unclear

Recently laid-off Oracle worker says AI is coming for jobs

Oracle laid off thousands of employees, attributing job losses to AI integration in large enterprises.

Business

fromBusiness Matters

Oracle cuts thousands of jobs as Ellison doubles down on AI investment

Oracle is cutting thousands of jobs to fund its AI infrastructure expansion, with potential layoffs reaching tens of thousands.

Remote teams

fromCalifornia Post

Oracle axes thousands of jobs in massive layoff - notifying fired employees with 6 a.m. email

Oracle laid off thousands of employees via email, citing organizational changes and business needs, causing widespread fear and frustration among remaining staff.

Oracle cuts jobs across sales, engineering, security

Oracle laid off thousands of employees to increase spending on AI infrastructure projects, with potential cuts reaching 30,000.

Oracle lays off thousands of employees to fund AI buildout

Oracle's layoffs affected around 10,000 employees, attributed to cost-cutting measures linked to aggressive AI expansion.

fromBoston.com

Boston

Oracle layoffs begin globally; impact on Mass. workforce unclear

Recently laid-off Oracle worker says AI is coming for jobs

Oracle laid off thousands of employees, attributing job losses to AI integration in large enterprises.

Business

fromBusiness Matters

Oracle cuts thousands of jobs as Ellison doubles down on AI investment

Oracle is cutting thousands of jobs to fund its AI infrastructure expansion, with potential layoffs reaching tens of thousands.

Remote teams

fromCalifornia Post

Oracle axes thousands of jobs in massive layoff - notifying fired employees with 6 a.m. email

Oracle laid off thousands of employees via email, citing organizational changes and business needs, causing widespread fear and frustration among remaining staff.

Oracle cuts jobs across sales, engineering, security

Oracle laid off thousands of employees to increase spending on AI infrastructure projects, with potential cuts reaching 30,000.

Oracle lays off thousands of employees to fund AI buildout

Oracle's layoffs affected around 10,000 employees, attributed to cost-cutting measures linked to aggressive AI expansion.

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE has utilized spyware from Paragon Solutions to combat drug trafficking and foreign terrorist organizations' use of encrypted communications.

Roam Research

8 in 10 AI Chatbots Likely to Help Plan Attacks, Hate Crimes

Most AI chatbots fail to discourage violent actions and often provide assistance for planning attacks.

EU data protection

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

NYC politics

fromHoodline

Brooklyn Drivers Slammed With Scam 'Enforcement Action' Texts, NYPD Warns

Brooklyn drivers are targeted by a scam text claiming enforcement action, urging immediate payment to avoid penalties.

Digital life

fromBig Think

fromInside Higher Ed | Higher Education News, Events and Jobs

3 ways to prove you're human online

Generative AI is rapidly increasing information production, leading to a potential scarcity of human-generated content and a need for new human verification methods.

Higher education

Students Embrace AI but Fear False Accusations

AI is reshaping student learning and work, with many students using it for academic shortcuts due to time constraints and lack of interest.

Venture

Delve whistleblower strikes again, with alleged receipts about 'fake compliance' | TechCrunch

Delve's CEO denies allegations of faking compliance evidence amid accusations from an anonymous source presenting alleged proof.

SF politics

fromNextgov.com

New contract for background investigations raises concerns about scale and risk

DCSA is modernizing its Case Processing Operations Center to enhance background investigations and incorporate Continuous Vetting for national security.

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

23 hours ago

No mediocre worker is safe the bar for keeping your job just went up

Companies are replacing underperforming employees with better talent due to constrained hiring budgets and a focus on maximizing performance.

#data-breach

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

A publicly accessible Amazon storage server exposed personal data of hundreds of thousands, including driver's licenses and passports, without encryption.

Healthcare

Health data giant CareCloud says hackers accessed patients' medical records | TechCrunch

CareCloud experienced a data breach where hackers accessed patient electronic health records for over eight hours, but data exfiltration status remains unclear.

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

A publicly accessible Amazon storage server exposed personal data of hundreds of thousands, including driver's licenses and passports, without encryption.

Healthcare

Health data giant CareCloud says hackers accessed patients' medical records | TechCrunch

CareCloud experienced a data breach where hackers accessed patient electronic health records for over eight hours, but data exfiltration status remains unclear.

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

How a 'Wrong Number' Message Turned Into a $3.4M Crypto Scam

This $3.4 million scam illustrates the rise of social engineering in crypto fraud, focusing on emotional manipulation over technical exploits.

Remote teams

Security contractor blew the whistle on shabby support crew

Brad, a security contractor, faced challenges with antivirus alerts while working in a labor hire company's office without proper IT support.

fromnews.bitcoin.com

SEC Warns Fake Officials Exploit Trust With Fraud Tactics Targeting Investors

Impersonation scams using SEC branding are increasing, exploiting investor trust through social media and text messages.

Job Seekers Are Getting Ghosted in Record Numbers. One Person Got a Rejection Letter 11 Months After Applying.

Job seekers face increased ghosting, with 53% affected, largely due to AI-driven application processes overwhelming recruiters.

fromFortune

How AI and 'experience creep' are making it harder for new graduates to find jobs | Fortune

The job market for recent college graduates has worsened, with increased unemployment and higher experience requirements from employers.

fromEntrepreneur

Job Seekers Are Getting Ghosted in Record Numbers. One Person Got a Rejection Letter 11 Months After Applying.

Job seekers face increased ghosting, with 53% affected, largely due to AI-driven application processes overwhelming recruiters.

fromFortune

How AI and 'experience creep' are making it harder for new graduates to find jobs | Fortune

The job market for recent college graduates has worsened, with increased unemployment and higher experience requirements from employers.

more#job-market

fromThe Verge

Pinterest said he violated laid-off colleagues' privacy. Now he's going public

A former Pinterest engineer claims he was unjustly fired for sharing a tool that revealed employee layoffs.

#cybersecurity

Healthcare

Healthcare IT Platform CareCloud Probing Potential Data Breach

Information security

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Information security

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Information security

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

NCSC warns high-risk individuals of Signal and WhatsApp social engineering attacks | Computer Weekly

High-risk individuals must reduce exposure to social engineering attacks targeting encrypted messaging apps like Signal, WhatsApp, and Facebook Messenger.

Cybersecurity M&A Roundup: 38 Deals Announced in March 2026

Thirty-eight cybersecurity-related M&A deals were announced in March 2026, including significant acquisitions by Airbus, AppViewX, Cellebrite, and Databricks.

Healthcare

Healthcare IT Platform CareCloud Probing Potential Data Breach

CareCloud experienced a cybersecurity incident that may have compromised patient information, but the impact is believed to be limited and manageable.

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

A targeted social engineering campaign by North Korean actors led to a supply chain compromise of the Axios npm package.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

NCSC warns high-risk individuals of Signal and WhatsApp social engineering attacks | Computer Weekly

High-risk individuals must reduce exposure to social engineering attacks targeting encrypted messaging apps like Signal, WhatsApp, and Facebook Messenger.

Cybersecurity M&A Roundup: 38 Deals Announced in March 2026

Thirty-eight cybersecurity-related M&A deals were announced in March 2026, including significant acquisitions by Airbus, AppViewX, Cellebrite, and Databricks.

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

Fintech companies face regulatory pressure to collect identity documents but lack enforceable obligations to protect them, leading to data breaches.

fromArs Technica

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Perplexity's AI allegedly shares sensitive user chats with Google and Meta without consent, raising significant privacy concerns.

Artificial intelligence

fromInfoWorld

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

fromHer Campus

Who's Watching The Watchers? AI, Age Verification, And Online Privacy

Parents are increasingly concerned about children's exposure to harmful online content despite regulations like CIPA and platforms like YouTube Kids.

The right way to ask questions about AI in your next job interview

AI is transforming workplace dynamics, making it essential for candidates to assess employers' genuine integration of AI during interviews.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers

Threat actors accessed FBI Director Kash Patel's personal email, but no government information was compromised.

#malware

Information security

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Information security

Sophisticated CrystalX RAT Emerges

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Tycoon 2FA Phishing Platform Dismantled in Global Takedown

Europol and Microsoft led a coordinated takedown of Tycoon 2FA, a phishing-as-a-service platform responsible for 62% of phishing attempts blocked by Microsoft and affecting 96,000 victims worldwide.

fromAol

2 weeks ago

Pennsylvania retiree lost $221K to a remote 'task scam' job approving fake hotel reviews. Here are the FTC's 3 red flags every job seeker must know

A Pennsylvania retiree lost over $220,000 in a sophisticated task scam promising easy online earnings.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

Blind trust in hardware vendors is always a bad idea

Attackers are increasingly targeting hardware and firmware vulnerabilities as traditional security tools focus primarily on software layers.

fromMoneyLion

4 weeks ago

Warning Signs That a Job Offer Is a Scam

Remote job scams use red flags like unprofessional emails, grammatical errors, vague descriptions, and requests for personal information or upfront payments to deceive job seekers.

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

New North Korean AI Hiring Scheme Targets US Companies

A North Korean operative attempted to infiltrate a cybersecurity firm using a stolen identity and AI-generated resume, highlighting vulnerabilities in hiring processes.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

CrewAI Vulnerabilities Expose Devices to Hacking

Threat actors can exploit four vulnerabilities in CrewAI for remote code execution and other attacks.

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

What IT leaders need to know about AI-fueled death fraud

AI-generated fake death certificates pose significant risks for businesses by enabling fraudsters to exploit customer accounts and data.

2 weeks ago

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.

2 weeks ago

Security Firm Executive Targeted in Sophisticated Phishing Attack

A C-level executive at Outpost24 was targeted by a sophisticated phishing attack using the Kratos phishing-as-a-service kit that exploited legitimate services like Cisco and Nylas to bypass security defenses.

fromFuturism

2 months ago

If You're a Real Person Looking for a Job, the Flood of Fake AI Job Applications Will Make Your Blood Boil

And beneath the official jobs data is a growing accessibility crisis. More and more job seekers are finding themselves shut out of the labor market - not because there are no jobs to be had, but because torrents of AI slop are crowding them out of consideration. Case in point: a few months back, tech publication The Markup posted an opening for an engineer role.

Careers

fromPCWorld

4 weeks ago

Phishing scammers weaponize ICE ragebait

The email seen by at least some customers of the Emma email platform was a phishing scam. Hackers hoped to inspire instant panic with the words, 'As part of our commitment to supporting U.S. Immigration and Customs Enforcement (ICE), we will be adding a Support ICE donation button to the footer of every email sent through our platform.'

Information security

Why Security Teams Can No Longer Ignore Recruitment Fraud

AI-powered recruitment fraud exploits human trust in hiring workflows, with job scams surging over 1,000% as attackers use deepfakes and impersonation to target vulnerable candidates and organizations during periods of labor market volatility.

OAuth phishers make 'check where the link points' advice ineffective

Attackers use phishing emails with malicious OAuth links containing broken parameters to redirect users to attacker-controlled destinations through legitimate identity providers.

ChatGPT Criminals: AI Scams Target Dating and Legal Impersonators - TechRepublic

Generative AI enhances traditional scams by improving message quality, consistency, and scale, making romance fraud and professional impersonation harder to detect and easier to execute at volume.

41% of Organizations Have Hired a Fake Candidate

AI-enabled identity attacks surged in 2025—deepfakes, impersonation, and synthetic identities are frequent while many organizations overestimate defenses and underprioritize deepfake-resistant IAM.

Payroll pirates conned the help desk, stole employee's pay

Attackers used compromised shared-mailbox credentials and a help-desk MFA reset via social engineering to divert a physician's salary into the attacker's account.

2 months ago

What You Need to Know About the New LinkedIn Phishing Scheme

Attackers post LinkedIn-style comments claiming account restrictions to trick users into clicking lnkd.in links that lead to credential-harvesting pages.

fromSocial Media Today

2 months ago

LinkedIn Outlines Measures to Combat Scam Job Listings

LinkedIn enhanced scam detection, added identity and company verification, demoted suspicious inbox contacts, removed fake profiles/pages, and introduced AI resume tools to reduce third-party reliance.