Security Diaries #5

Lucas Bernardo

Lucas Bernardo

6 min read
Security Diaries #5

The Evolving Cyber Threat Landscape

The threat landscape is shifting faster than most organisations can keep up with. Nation-states are testing critical infrastructure. AI is making social engineering more convincing. And attackers are finding new angles every single day.

If you work in cybersecurity, you already know this. If you don't, you should. Because these threats don't stay confined to "IT people"—they affect everyone. Job hunters, finance executives, infrastructure operators, everyday employees. No one is outside the blast radius anymore.

What follows are some of the most pressing cyber threats happening right now. Some are new twists on old tactics. Others are genuinely novel attack vectors. But all of them share something in common: they're actively happening, and they're working.

The Hidden Dangers of Online Job Applications

Open job roles on LinkedIn or Indeed are increasingly likely to be part of a cybersecurity attack rather than legitimate opportunities. Two key factors have contributed to this growing cyber threat:

  • A highly competitive job market, which has made people more desperate for employment than we've seen in a long time.
  • Advancements in AI, which have made it easier and faster to create convincing fake job listings.

As a result, job postings have become a much more common attack vector. The goal is often to lure senior professionals into joining a fake company, collect their personal information, and use it to impersonate them—sometimes even pretending to be them while working inside a victim organization.

This type of attack has been used by several nation-states. Most recently, North Korea targeted the Web3 sector through operations known as GhostCall and GhostHire. (source: The Hacker News, https://thehackernews.com/2025/10/researchers-expose-ghostcall-and.html) These attacks aim to gather intelligence on this high-value industry, with the ultimate goal of exploiting it to steal large sums of money.

If you're currently job hunting, please be aware that these kinds of attacks are actively happening. Before applying, research the company thoroughly. Is it a random startup that appeared overnight? Whenever possible, apply through official channels. If someone calls you about an application you submitted on Indeed, verify it—call Indeed directly to check if that's standard practice. Whatever you do, always research before submitting any personal data.

Why Critical Infrastructure Can't Afford to Ignore Cybersecurity

As geopolitical tensions escalate, more nations are investing in teams designed to disrupt other countries by attacking their infrastructure. Sometimes these efforts are part of actual warfare, but often they're simply used to test how vulnerable certain systems are—providing a clear indicator of weaknesses that could be exploited in the event of full-scale conflict.

Recently, we've seen several attacks by hacktivists targeting Canadian infrastructure. (source: Cyber.gc.ca, https://www.cyber.gc.ca/en/alerts-advisories/al25-016-internet-accessible-industrial-control-systems-ics-abused-hacktivists) These include:

  • An attack on a water facility, where water pressure values were tampered with, resulting in degraded service for the local community.
  • An incident involving a Canadian oil and gas company, where an Automated Tank Gauge (ATG) was manipulated, triggering false alarms.
  • A breach at a grain drying silo on a Canadian farm, where temperature and humidity levels were altered, potentially creating unsafe conditions if not detected in time.

This is simply unacceptable for such critical national resources. These attacks should not be happening—especially at such a small scale, carried out by hacktivists who typically operate with limited resources.

Critical infrastructure must invest heavily in cybersecurity. This includes maintaining accurate asset inventories, continuously scanning for vulnerabilities, and remediating issues as quickly as possible.

LinkedIn is Becoming The New Frontier for Cyber Attacks

As more and more people sign up for LinkedIn with hopes of building their personal brand and finding job roles, it has become a honeypot for malicious actors looking to exploit the naivety of people.

Malicious actors are now messaging senior leaders and regular individuals, using their information on LinkedIn as an entry point and trying to exploit them into taking actions they would have otherwise not taken.

Most recently, hackers have been targeting finance executives, inviting them to what seems like executive board invitations, with the hopes that the links are clicked and their Microsoft credentials are stolen. The links lead to malicious websites designed to capture credentials.

As Push Security noted, "sending phishing lures via social media apps like LinkedIn is a great way to reach employees in a place that they expect to be contacted by people outside of their organization." (source: Push Security)

Tips against Social Engineering still apply in what you might think is a safe environment. Don't trust by default. Just because something is on a professional platform does not mean it is safe. For more details on what social engineering is and how to defend against it, check out this video I created on the topic.

There Should Be a Bigger Push for Discovering Your Attack Surface

One of the most important tools in my opinion is External Attack Surface Management (EASM). For small companies, it's usually easy to keep a detailed record of their asset inventory. But as a company grows, this becomes a lot harder. More teams, more cloud services, more shadow IT—it all adds up. And with that growth, managing and remediating vulnerabilities becomes even more challenging.

That's where an EASM solution comes in. First, it helps track all your public-facing assets—yes, even the ones you might have forgotten about. These are arguably the most important to monitor because attackers typically start from the outside. In fact, EASM tools are designed to give you an "attacker's-eye view" of your organisation's digital footprint, helping you spot what they might target.

Secondly, once you know which assets are exposed to the internet, you can prioritise them properly. This makes your remediation efforts more focused and helps you meet SLAs more efficiently. It means you're improving your security posture more effectively, leading to much more meaningful change.

In short, EASM helps you stay ahead of threats by continuously discovering, monitoring, and managing your external attack surface. It's a must-have if your organisation is scaling fast or has a complex digital presence.

OpenAI's Agentic Security Researcher

In a push to AI everything—partly in hopes that it will lead to the $1 trillion valuation they're seeking ahead of their IPO—OpenAI has announced Aardvark, a new AI specialising in monitoring source code, identifying vulnerabilities, assessing exploitability, prioritising severity, and proposing patches for these vulnerabilities.

My initial thoughts are: this sounds really good! It could completely replace traditional SAST tools, and possibly with a later iteration replace DAST too. I mean, the potential is significant—it could even start doing compute vulnerability scanning!

But of course, with such ambition, we need to face reality. It probably isn't going to be nearly as good as modern-day SAST tools, and it probably won't do what I said above in the near future. But what I will say is that it's a good start.

How It Works

Aardvark operates by:

  1. Monitoring commits and changes to a codebase.
  2. Identifying vulnerabilities through static analysis.
  3. Threat modelling how they could be exploited.
  4. Proposing remediation steps.

Aardvark does not rely on traditional fuzzing or software composition analysis techniques to identify vulnerabilities. Instead, it uses LLM-powered reasoning and tool-use to understand code behaviour.

As OpenAI describes it: "Aardvark looks for bugs as a human security researcher might: by reading code, analyzing it, writing and running tests, using tools, and more." (source: OpenAI, https://openai.com/index/introducing-aardvark/)

Aardvark will even attempt to validate its findings of vulnerabilities by simulating a sandbox environment and attempting to exploit it.

With this news, you can sign up for the private beta to test this out yourself and really see how useful it is. For more details, you can find the full article on OpenAI's blog.

Further Reading

  • OCR could improve context window dramatically!
  • PewDiePie builds his own self-hosted LLM - It seems like PewDiePie is really moving towards the "don't trust your tech" angle, and some cool things are coming out of it. Video & Articles are below:
  • NCSC Cyber Series Podcast - A solid podcast keeping you up-to-date with important UK cybersecurity updates. I wish it was more consistent, but it seems to be monthly/every couple of months.

Final Thoughts

If you've read through this entire article, thank you. Let me know if there is anything you want me to look at and explain, especially if you think it would help others out too.

Thanks for reading this edition of Security Diaries. My goal is to document the progress I make learning more about technology and cybersecurity, with the hopes of inspiring others, informing others, and show that I know what I claim to know.

Read more