23 matches found
`logflux` was removed from crates.io for malicious code
The logflux crate attempted to download and run a malicious payload on the user's machine. The malicious crate had 1 version published on 2026-04-26, approximately 1 month before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Paweł Bis for...
The US digital doxxing of H-1B applicants is a massive privacy misstep
Technology professionals hoping to come and work in the US face a new privacy concern. Starting December 15, skilled workers on H-1B visas and their families must flip their social media profiles to public before their consular interviews. It’s a deeply risky move from a security and privacy...
Deepfakes, AI resumes, and the growing threat of fake applicants
Recruiters expect the odd exaggerated resume, but many companies, including us here at Malwarebytes, are now dealing with something far more serious: job applicants who aren't real people at all. From fabricated identities to AI-generated resumes and outsourced impostor interviews, hiring pipelin...
Hundreds of People With ‘Top Secret’ Clearance Exposed by House Democrats’ Website
A database containing information on people who applied for jobs with Democrats in the US House of Representatives was left accessible on the open web...
Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai
Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password "123456" for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots...
McDonald’s AI bot spills data on job applicants
McDonald's has outsourced the initial stages of its hiring process to an AI chatbot which seems to have been built without proper security measures. Security researchers managed to extract personal information about McDonald's job applicants by simply guessing a username and the password “12345.”...
CVE-2024-8464
SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it...
PT-2024-39031 · Unknown · Phpgurukul Job Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Job Portal version 1.0 Description: A SQL injection vulnerability exists, allowing an attacker to send a specially designed query through the JOBREGID parameter in the /jobportal/admin/applicants/controller.php endpoint, and retrie...
CVE-2024-2687
A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/applicants/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has bee...
CVE-2024-2685
A vulnerability, which was classified as problematic, was found in Campcodes Online Job Finder System 1.0. This affects an unknown part of the file /admin/applicants/index.php. The manipulation of the argument view leads to cross site scripting. It is possible to initiate the attack remotely. The...
Campcodes Online Job Finder System SQL Injection Vulnerability
Campcodes Online Job Finder System is an online job finder system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes Online Job Finder System, which originates from an SQL injection vulnerability in the id parameter of the /admin/applicants/index.php file...
TA4557 Targets Recruiters by Delivering Malware Disguised as Job Applicant
Summary: Threat actor TA4557 has been focusing on recruiters by posing as job applicants to distribute malware. While this approach is not unprecedented, there have been notable shifts in both technique and attack vectors compared to their previous methods. The attackers have demonstrated an...
Assura Personnel Data Systems Vista 7 Path Traversal Vulnerability
Assura Personnel Data Systems Vista 7 PDS Vista 7 is a generic tax program from Assura. A security vulnerability in the External Applicants Security Hotfix XA client for Assura Personnel Data Systems Vista 7 versions prior to 7.1.7.2, which stems from improperly restricting pathnames to restricte...
CVE-2022-32011
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=...
Complete Online Job Search System SQL Injection Vulnerability
Complete Online Job Search System is an online job search system. A SQL injection vulnerability exists in Complete Online Job Search System, which originates from /eris/admin/applicants/index.php?view=view&id=. The page lacks validation of externally supplied input used in SQL statements. An attacker could use this...
Mass Spoofing Campaign Abuses Walmart Brand
An ongoing domain name spoofing campaign is taking aim at retail giant Walmart and other big fish, with more than 540 malicious domains being used to harvest consumer information. The scam domains are mimicking legitimate sites in name and appearance, in hopes of fooling visitors into entering...
Georgia Tech Data Breach Exposes 1.3 Million Users' Personal Data
The Georgia Institute of Technology, well known as Georgia Tech, has confirmed a data breach that has exposed personal information of 1.3 million current and former faculty members, students, staff and student applicants. In a brief note published Tuesday, Georgia Tech says an unknown outside...
US may screen social media of Immigrant & Non-Immigrant Visa Applicants
By Uzair Amir. Trump administration has announced that it will be starting to... This is a post from HackRead.com.