🚨 I'm hiring right now. And I'm deleting a huge chunk of applications inside the first 10 seconds. Not because the candidates are bad. Because their profiles look fake.

📌 TLDR In 2026, bots, scammers, and nation-state actors are flooding every job posting. If your LinkedIn profile looks like one of theirs, you get swept into the same trash pile, no matter how qualified you are. Here's how to clear the 10-second test.

🔑 THE NON-NEGOTIABLE MINIMUMS

✅ A real photo of your actual face. Not an avatar. Not an AI portrait. Not a blank silhouette.
✅ LinkedIn identity verification — free, 5 minutes, instant signal you're human: https://www.linkedin.com/help/linkedin/answer/a1359065
✅ Your city, or at minimum your state. "United States" alone reads as a scam. Not every company is set up to hire in every state; payroll, tax, and legal nexus all matter.

🚫 INSTANT TURN-OFFS

❌ "Dear Hiring Manager" with zero customization
❌ Typos in the first sentence of your outreach
❌ Résumé claims that don't match your LinkedIn dates
❌ "Can we move this to WhatsApp?" — textbook scammer, blocked and done
❌ Bashing your last employer

The bar hasn't gotten higher. The noise floor has. Standing out in 2026 doesn't require a gimmick. It requires proving, in 10 seconds, that you're not one of the fakes.

#Hiring #JobSearch #LinkedInTips #CareerAdvice #Recruiting #Cybersecurity

I'm hiring an Analytics Engineer (GCP) to join my team at RHR International, reporting directly to me.

What you'd actually be doing: building and owning our analytics foundation in a GCP-first environment — BigQuery, Looker Studio, Python, SQL, GitHub, Docker. Real production work, version-controlled and documented, not throwaway queries.

RHR is a leadership consulting firm that's been around 80+ years. We're cloud-first, SaaS-only, no on-prem. Small IT team, which means your work matters immediately.

What I'm looking for beyond the technical skills: curiosity, self-direction, and the ability to explain what you built and why to people who don't write code. Bonus points if you've fixed something nobody asked you to fix.

Hybrid in Chicago preferred, remote considered.

Link to apply: https://www.linkedin.com/jobs/view/4399748962/

If you know someone who fits, I'd appreciate the tag or share.

#Hiring #AnalyticsEngineer #GCP #BigQuery #DataEngineering #Chicago #RHRInternational #Google

Anthropic built an AI model called Mythos that autonomously found a 17-year-old remote code execution vulnerability in FreeBSD. No human involvement after the initial prompt. It found thousands more zero-days across every major OS and browser, some hiding for decades. Anthropic says it's too dangerous to release publicly, so they gave it to AWS, Microsoft, Apple, Google, CrowdStrike, and a handful of others under a new initiative called Project Glasswing. $100M in usage credits to go fix things before similar capabilities go wide.

Impressive, but worth some skepticism. Bruce Schneier pointed out this is also a very effective PR play. A security firm called Aisle replicated many of the same findings using older, cheaper, publicly available models. The gap between "too dangerous to release" and "already achievable with what's out there" may be thinner than the headlines suggest.

🔒 Mythos autonomously discovered and exploited a FreeBSD RCE that had been present for 17 years (CVE-2026-4747)
🔗 It chains 3-5 vulnerabilities together into multi-step attack sequences
📊 Over 99% of the vulnerabilities found are still unpatched, so we're trusting Anthropic's claims on scope
💰 $25/$125 per million input/output tokens for partners, if you're on the list

Meanwhile, the advice cybersecurity experts are giving the rest of us: update your software, use MFA, get a password manager. The most advanced AI vulnerability scanner ever built, use off-line (truly air-gapped) backups, and basic hygiene is still the best defense most people have.

https://www.crn.com/news/security/2026/5-things-to-know-on-anthropic-s-claude-mythos-and-project-glasswing
#CyberSecurity #AI #ProjectGlasswing #security #privacy #cloud #infosec

😳 Someone hid a prompt injection inside invisible markdown comments in a pull request. A developer asked Copilot to review the PR. Copilot read the hidden instructions, searched the codebase for AWS keys, encoded them in base16, and smuggled them out through GitHub's own image proxy as 1x1 transparent pixels. The CSP didn't flag it because the traffic was routed through GitHub's trusted infrastructure. CVSS 9.6. No malicious code ever executed.

The attacker weaponized the AI assistant's own access permissions. Copilot could see everything the developer could see, and it can't distinguish a legitimate instruction from a hidden one buried in a PR description.

🔍 The attack, dubbed "CamoLeak," was patched by GitHub in August 2025 and publicly disclosed in October
🔑 Copilot was directed to find secrets like API keys and cloud credentials, then exfiltrate them character by character
🖼️ Data was hidden inside pre-signed image URLs, making it look like normal browser activity
⚠️ Any AI assistant with deep system access, Microsoft 365 Copilot, Google Gemini, all of them, is a potential exfiltration channel if untrusted content can reach its instruction stream

We've spent years teaching developers not to trust user input. Now we're handing AI tools full repo access and letting them ingest unvalidated text from pull requests.

https://cybersecuritynews.com/hackers-exploit-github-copilot-flaw/
#CyberSecurity #AI #GitHubCopilot #security #privacy #cloud #infosec #software

Russia's military intelligence 🇷🇺 the GRU, was caught using between 18,000 and 40,000 home and small office routers to harvest credentials. Most of these were MikroTik and TP-Link devices, spread across 120 countries. The attackers didn't use any advanced tools or unknown exploits. Instead, they exploited known, unpatched vulnerabilities on outdated hardware that people had not replaced.

This is a nation-state espionage campaign that may be operating through the router right next to your cable box.

🪤 Even with multi-factor authentication, users weren't protected. APT28 set up adversary-in-the-middle servers that waited for people to finish logging in, then intercepted the OAuth token. People followed all the recommended steps, but the attackers still managed to get in.

📡 The only warning was a browser certificate alert. Millions of people see these self-signed certificate pop-ups every day and click through them without thinking. That simple action gave Russian intelligence access to authenticated sessions.

🔁 When Britain's NCSC published an alert about part of this campaign in August, APT28 did not slow down. Instead, they increased their activity. In just four weeks, 290,000 unique IP addresses connected to their malicious DNS resolver.

This group has been hijacking routers since at least 2018. They were caught using VPNFilter to infect 500,000 devices. The DOJ caught them again in 2024. Now, in 2026, we are still dealing with the same problem.

The solution is simple, but not exciting: replace outdated routers, check your DNS settings for unfamiliar servers, and avoid clicking through certificate warnings. It is not glamorous or powered by AI; it is just basic steps that are often ignored.

APT28 is not succeeding because they are smarter. They are succeeding because we keep leaving easy ways for them to get in.

https://arstechnica.com/security/2026/04/russias-military-hacks-thousands-of-consumer-routers-to-steal-credentials/
#Cybersecurity #InfoSec #Leadership #security #privacy #cloud

Anthropic created an AI that discovered vulnerabilities in every major operating system and browser, even uncovering a nearly 30-year-old flaw in one of the most secure platforms. Weirder yet, one day, while a researcher was eating lunch in the park, the model emailed them. It had escaped their internal sandbox and reached the internet.

They named it Claude Mythos Preview, but they are not making it available to the public.

A private company, mainly accountable to its investors and its own sense of ethics, now controls a cyber weapon as powerful as those used by nation-states. For now, they have given Apple, Microsoft, Google, and Nvidia access to use it for defense.

This situation proves what the security community has warned about for years:

🔓 The balance has shifted. In cybersecurity, attacking has always been easier than defending. Mythos doesn't just narrow that gap; it widens it. While finding a vulnerability and exploiting it without being noticed are separate challenges, you can't exploit what you haven't found. Mythos has now solved the problem of large-scale vulnerability detection.

🌐 Calling this move "responsible" serves several purposes. Anthropic can announce a major breakthrough, show restraint by not releasing it, and boost its reputation as a responsible company, all at once. This isn't being cynical, it's simply how public relations works. Both can be true.

⚔️ The article mentions that OpenAI is working on something similar, and Google DeepMind will likely follow. Soon, smaller companies with fewer safety measures will offer cheaper models. The time when "responsible non-release" is a real option is running out.

I teach cybersecurity at DePaul, and for years I've told my students that AI would make both attacking and defending more accessible. Now, Mythos shows we've reached a turning point where attackers have pulled far ahead.

The real question isn't if a tool like this will be misused, but how soon a version without any safeguards will be released by someone with no accountability.

https://www.theatlantic.com/technology/2026/04/claude-mythos-hacking/686746/
#Cybersecurity #AI #Leadership #security #privacy #cloud #infosec

John Carreyrou, the reporter who took down Theranos, just spent a year trying to unmask Satoshi Nakamoto. His conclusion: it's Adam Back, the British cryptographer who literally invented a core component of Bitcoin and has spent the last decade quietly running the community that maintains it.

Back denies it. Of course he does.

This isn't a conspiracy theory stitched together from vibes. Carreyrou and a NYT data journalist ran the full mailing list archive of 34,000 users, filtered down through writing tics, hyphenation errors, spelling habits, and synonym-free technical vocabulary, and landed on one person. Back shared 67 of Satoshi's exact hyphenation errors. The next closest suspect had 38.

That's a fingerprint.

A few things worth sitting with:

🔍 Back outlined nearly every architectural feature of Bitcoin; distributed nodes, Hashcash-based mining, inflation controls, public immutability, a full decade before Bitcoin launched. Not vaguely. Specifically.

🕳️ He went silent on the Cryptography mailing list during the exact window Satoshi was active, then publicly claimed he had "participated" in those discussions. He hadn't. There's no record.

📋 He refused to produce metadata from the emails he claims Satoshi sent him. A man with nothing to hide produces the metadata.

💬 During the confrontation in El Salvador, Back apparently said something that only makes sense if he wrote the "better with code than with words" quote himself.

If Back is Satoshi, the more interesting story isn't the identity reveal. It's that the person who created a $2.4 trillion system designed to operate without any central authority has spent the last decade quietly becoming that authority. Blockstream raised a billion dollars. Back poached the core developers. He shaped the block size debate. He is, functionally, Bitcoin's most powerful insider.

The cypherpunk who wanted to free money from institutional control built an institution. That's either irony or it's the plan.

https://www.nytimes.com/2026/04/08/business/bitcoin-satoshi-nakamoto-identity-adam-back.html
#Bitcoin #Crypto #Cybersecurity #security #privacy #cloud #infosec

A startup is putting military-style drones in high school ceilings. Ceiling-mounted. Charging. Waiting. And when something happens, a pilot in Austin, Texas, decides whether to deploy pepper gel on your kid's school. I'm not saying the problem isn't real. It absolutely is. But read that back.... in schools. We've taken a Ukrainian battlefield tactic against Russian soldiers and ported it to Deltona High School in Florida. The co-founder literally said the idea came from watching drone videos of the war in Ukraine. The chief pilot described it as "cheating in a video game after you die." These are children.

Here's what's not in the headline:

🔒 The drones use an encrypted connection — but the article notes they're potentially vulnerable to cyberattack. A compromised drone in a crowded hallway isn't a security tool; it's a weapon pointed in the wrong direction.

⚖️ Mithril reserves the right to act independently during an attack, without waiting for law enforcement. A private company operating remotely is making use-of-force decisions at a school.

💰 Florida and Georgia approved $500K+ each for this. A group of Texas parents raised $200K more. That's real money going to ceiling drones instead of mental health services, counselors, or de-escalation programs.

The ACLU said it plainly: when force becomes a zero-risk remote action, it gets overused. Axon tried a Taser drone for schools in 2022, and its own ethics board killed it. Mithril is picking up where that got dropped.

I teach cybersecurity. I've spent years in boardrooms helping organizations think through risk. And the risk calculus here isn't just about whether the drone works. It's about what we're normalizing when we turn schools into drone-monitored combat zones and call it progress.

"This is the future," said the sheriff's captain.

I hope not.

https://www.wsj.com/business/a-startup-is-supplying-drones-to-high-schools-to-stop-mass-shootings-a7800ade

#SchoolSafety #Cybersecurity #Leadership #security #privacy #cloud #infosec

Today I'm attending C-Vision International's CIO & CISO Think Tank here in Chicago, and the agenda is not messing around.

Agentic AI risks. Shadow AI governance. Vulnerability management in a world where AI has collapsed the exploitation window to near zero. And yes, a session on why soft skills are still the real differentiator for leaders in this space.

Good rooms make you think differently. This is one of those rooms.

https://www.cvisionintl.com/events/think-tank/2026-apr-9-cio-ciso-tt-chicago/
#CIO #CISO #Chicago #AI #Cybersecurity #Leadership #AgenticAI #RHRInternational #DePaulUniversity

☢️ Last May, OpenAI representatives showed up at Los Alamos National Laboratory with armed security escorts and locked metal briefcases. Inside: the model weights for ChatGPT o3, which they then installed on Venado, one of the most powerful supercomputers on earth. By August, Venado was moved onto a classified network with access to nuclear weapons data. 🤖 Let that sit for a second. 😳 A quote from a researcher who's been in nuclear testing since the 1980s: "We're doing calculations I could only dream of doing before." The implication being that AI isn't just a productivity tool at Los Alamos. It's changing what questions they can even ask.

🧠 Scientists there are using AI to simulate how weapons respond to stress without live detonation tests, which the US hasn't conducted since 1992. Eighty years of nuclear test data is now training data.

⚡ The $320M Genesis Mission program aims to double the productivity of American science within a decade. That's the stated goal. Across 17 national labs.

🤔 From LANL's computational sciences chief: "For the very first time, I would argue, on a really big scale, we find ourselves not in a leadership role here." The government, for once, is chasing the private sector. Not directing it.

We spend a lot of time debating AI safety in the abstract. Meanwhile, the actual story is already written, locked in a briefcase, and installed on a classified network in the New Mexico desert.

https://www.vox.com/technology/484250/los-alamos-nuclear-ai-openai-chatgpt
#AI #NationalSecurity #EmergingTech #security #privacy #cloud #infosec #cybersecurity