Securely Built

How Many Cybersecurity Job Openings Are There? (Mar 2026) - Programs.com Cybersecurity continues to be one of the fastest-growing sectors, with millions of job openings worldwide. Global demand for cybersecurity professionals has surged, driven by rising threats and expand...

Fact or fiction?

programs.com/resources/op...

Department of Know: March 9, 2026 YouTube video by CISO Series

Check out yesterday's Department of Know.

Quick Guide to AppSec and the OWASP Top 10 2021 <p>Every company uses software to function. Whether they are a Fortune 500 technology company or a sole proprietor landscaping company, software is integral to businesses large and small. Software pro...

Check out the Short course on AppSec at: www.udemy.com/course/quick...

Application Security - The Complete Guide <p>Every company is a software company, and it' becoming more difficult to secure applications. </p><p>In an era where cyber threats are ever-evolving and increasingly sophisticated, securing applicat...

And if you really want to go deep on AppSec check out the best selling course chock full of all things AppSec at:

www.udemy.com/course/appli...

Making updates to some of my #training courses when I pick up faint snoring in the background.

Yes, she snores.

Should I go to HR about my coworker who sleeps 16 hours a day.

If you're looking for some training on AppSec see the link below in the comments.

#appsec #cybersecurity

Cybersecurity professionals are burning out on extra hours every week - Help Net Security Cybersecurity workforce burnout is accelerating as AI governance demands grow, training lags, and leaders work nearly 11 extra hours a week.

Burning the midnight oil is what we used to call it.

Today, it's 10.8 extra hours per week.

That's what cybersecurity professionals are averaging beyond their contracted schedules, according to new survey data. Nearly half are logging 11+ overtime hours weekly. One in five is pushing past 16.

Top general spotlights cyber role in Iran conflict : No more hiding in the server closet: Cyber ops mentioned alongside kinetic warfare as critical to conflict

"Across every domain — land, air, sea, cyber — the U.S. Joint Force delivered synchronized and layered effects."

That's the Chairman of the Joint Chiefs publicly putting cyber operations on equal footing with traditional warfare in the Iran conflict.

#cybersecurity #nationstate #cyberwarfare

Anthropic Drops Flagship Safety Pledge In an abrupt shift, the company may release future AI models without ironclad safety guarantees

The "everyone else is doing it, so why not us" argument.

The collective action problem has always existed. Why unilaterally disarm if others won't. Even when you know the risks of doing so are plentiful and potentially catastrophic.

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors UnsolicitedBooker targets Central Asian telecoms with LuciDoor and MarsSnake, while PseudoSticky and Cloud Atlas hit Russia.

User compromise still reigns supreme when it comes to cyberattacks.

#socialengineering #cybersecurity

thehackernews.com/2026/02/unso...

Conduent data breach could be largest in U.S. history CSRA residents are among millions whose personal information may have been exposed in a massive Conduent data breach.

Like sands through the hourglass, so are the days of our lives.

#databreach #cybersecurity

Your AI Coding Assistant Has Root Access (And That Should Terrify You) Agentic coding tools are rewriting the SDLC at breakneck speed. But the same autonomy that makes them powerful makes them dangerous.

"90% of the code we use in our applications comes from OSS contributors."

So when AI coding assistants started generating entire applications from a single prompt... why would this be any different?

Because it's worse.

#AppSec #AISecurity #SecurelyBuilt #AIAgents #DevSecOps

Poland bans Chinese cars from military bases : Dell, however, is welcome to help build a local-language LLM

I am, by no means, sticking up for China here. But....we use technology that is spying on us on a daily basis. Our phones, cars, IoT devices, health trackers, TVs, streaming devices, etc...

Most are not vetted prior to being invasive.

#cybersecurity #apt

The rise of Moltbook suggests viral AI prompts may be the next big security threat We don't need self-replicating AI models to have problems, just self-replicating prompts.

The Morris Worm for the #AI Agent Era?

Researchers are predicting the rise of a kind of self-replicating adversarial #prompt among networks of #AIagents calling it a “prompt worm” or a “prompt virus.” Self-replicating instructions that could spread through networks of communicating AI agents.

Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site 'It exploded before anyone thought to check whether the database was properly secured.'

Because of course.....

#ai #misconfiguration #cybersecurity

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms Poland linked December 2025 cyber attacks on energy and manufacturing sites to Static Tundra, involving DynoWiper and FortiGate exploits.

On December 29, 2025, coordinated #cyberattacks struck over 30 #wind and #solar farms, a manufacturing company, and a combined heat and power plant serving nearly 500,000 customers in #Poland. The attacks have been attributed to Static Tundra, a threat cluster linked to Russia's FSB.

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries Over 175,000 publicly exposed Ollama AI servers across 130 countries, with many enabling tool calling that allows code execution and LLMjacking abuse.

Are local models the new IoT?

If you are running Ollama locally (as I do) be sure that you have the service bound to the localhost address and not the public binding of 0.0.0[.]0 or a public interface.

thehackernews.com/2026/01/rese...

AWS Ends SSE-C Encryption, and a Ransomware Vector | CSA AWS ends SSE-C for S3, removing a ransomware vector and guiding users to KMS or client-side encryption.

AWS is deprecating Server-Side Encryption with Customer-provided keys (SSE-C) in April. Perhaps good riddance for some. This obscure S3 feature has become a tool for ransomware operators.

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to China-based servers.

Cybersecurity researchers have discovered two malicious Microsoft VS Code extensions that are advertised as AI-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers.

There have been 1.5 million installs already, and they are still available.

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog CISA added VMware vCenter vulnerability CVE-2024-37079 to its KEV list after confirmed in-the-wild exploitation, urging organizations to apply patches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

Beyond the Hype of Specialized AI Why the "AI Bubble" is bursting, giving way to a new era of specialized models and digital architecture

We’re moving past the novelty phase toward a "Digital Factory" model—where small, specialized models (SLMs) do the heavy lifting while LLMs act as the high-level consultants.

Read my latest on the future of AI utility:

For the price of Netflix, crooks can rent AI crime ops : Group-IB says crims forking out for Dark LLMs, deepfakes, and more at subscription prices

You've heard of Ransomware-as-a-Service, and DDoS-as-a-Service.

Behold....cybercrimeAI-as-a-service:

Cybercrime has entered its AI era, with criminals now using weaponized language models and deepfakes as cheap, off-the-shelf infrastructure rather than experimental tools, according to researchers

Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice Ukrainian and German police identify Black Basta suspects as alleged leader Oleg Nefedov is added to EU Most Wanted and INTERPOL Red Notice lists.

Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta.

thehackernews.com/2026/01/blac...

X pulls Grok images after UK ban threat over undress tool : Image generation paywalled on X after ministers and regulators start asking awkward questions

I guess that's one way to "limit the problem". Just make people pay for it 🤷

Grok has yanked its image-generation toy out of the hands of most X users after the UK government openly weighed a ban over the AI feature that "undressed" people on command.…

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyb...

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.

Strategies in Secure AI Systems: From GenAI and Agentic AI Mastering Security's Semantic Shift

www.udemy.com/course/strat...

I built an AI training course for people who want to understand LLM #cybersecurity without hype. What’s the #1 thing you wish more #AI courses explained clearly?

Without a doubt!

Check out the latest article on threat modeling of cloud/hybrid environments.

open.substack.com/pub/securely...

Happy Holidays! My book "Threat Modeling Best Practices" is $9.99 for a limited time—only via direct order from Packt.

Learn to model threats in an increasingly insecure environment.

Don't miss out!

www.packtpub.com/en-us/produc...

#Cybersecurity #MicrosoftSecurityCopilot #HolidayDeals

A successful 2025!