How to Break Into Cybersecurity in 2026: A Strategic Guide: The cybersecurity industry is facing a paradox: a massive talent shortage coupled with a highly competitive entry-level market. To get hired, you must move beyond theory and demonstrate practical, "job-ready" competence. 1. Master the Technical Fundamentals Before specializing, you must understand the infrastructure you are protecting. Employers look for "T-shaped" professionals—those with broad IT knowledge and deep security expertise. Networking: Knowledge of OSI models, TCP/IP, and DNS is non-negotiable. Linux/Unix: Most security tools and server environments run on Linux. Scripting: Automation (Python or PowerShell) is essential for modern security operations. Source: Computing Technology Industry Association (CompTIA). (2024). "The Essential IT Skills for Cybersecurity Professionals." comptia.org/blog/cybersecuri… 2. Choose Your Specialization Cybersecurity is no longer a monolith. You must decide which "side" of the house you want to build your career in: Defensive (Blue Team): Monitoring networks and responding to incidents. Offensive (Red Team): Ethical hacking and vulnerability assessment. Compliance (GRC): Managing risk, policy, and legal frameworks. Source: NIST. (2023). "Workforce Framework for Cybersecurity (NICE Framework)." Special Publication 800-181r1. niccs.cisa.gov/workforce-dev… 3. Obtain Value-Driven Certifications Certifications serve as a "baseline" filter for HR departments. While they don't replace experience, they prove a standard level of knowledge. Entry Level: CompTIA Security or ISC2 Certified in Cybersecurity (CC). Intermediate/Hands-on: Blue Team Level 1 (BTL1) or Offensive Security Certified Professional (OSCP). Source: CyberSeek. (2024). "Cybersecurity Supply/Demand Heat Map and Certification Requirements." cyberseek.org/heatmap.html 4. Build a "Proof of Work" Portfolio In 2025, a degree is often secondary to a GitHub repository or a technical blog. You must prove you can use the tools of the trade. Home Labs: Document the setup of a SIEM (like ELK Stack or Splunk) in a virtual environment. CTF Write-ups: Explain your thought process in solving challenges on platforms like TryHackMe or HackThe Box. Source: SANS Institute. (2023). "Building a Cybersecurity Career: Hands-on Projects to Get You Hired." sans.org/blog/building-a-cyb… 5. Leverage the "Lillypad" Method If you cannot find an entry-level security role, look for "Cyber-adjacent" positions. Experience in IT Support, Networking, or System Administration provides the context necessary for high-level security work. Many professionals pivot into security internally by volunteering for audit or patching projects. Source: ISACA. (2024). "State of Cybersecurity Report: Workforce Trends and Hurdles." isaca.org/resources/state-of… 6. Networking and the "Hidden" Job Market Security is an industry built on trust. Engaging with local chapters of OWASP, ISSA, or DefCon groups can lead to referrals that bypass automated Resume tracking systems (ATS). Source: ISC2. (2023). "Cybersecurity Workforce Study: Looking for the Right Talent." isc2.org/Research/Workforce-… #SMEShield #CyberSecurityTips #SmallBizSecurity

CVE-2026-35273 — Oracle PeopleSoft Enterprise PeopleTools Missing Authentication Vulnerability Summary: The CVE-2026-35273 vulnerability is a missing authentication for critical function vulnerability in Oracle PeopleSoft Enterprise PeopleTools, which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools. This vulnerability can be exploited technically by sending a specially crafted request to the affected system, allowing the attacker to bypass authentication mechanisms. An attacker can achieve takeover of the system, potentially leading to data breaches, lateral movement, and other malicious activities. The vulnerability was discovered by a third-party researcher and was disclosed to Oracle, who subsequently released a patch. The timeline of disclosure indicates that the vulnerability has been actively exploited in the wild, with known ransomware campaigns utilizing this vulnerability. The vulnerability is considered critical due to its potential impact on confidentiality, integrity, and availability of the affected systems. Oracle has released a patch to address this vulnerability, and users are urged to apply the patch as soon as possible. Technical Details: - CVE ID: CVE-2026-35273 - CVSS: 9.8 Critical - Affected Products: Oracle PeopleSoft Enterprise PeopleTools 8.59 and earlier versions - Attack Vector: Remote, no authentication required - Attack Complexity: Low, no prerequisites - Impact: Confidentiality, Integrity, Availability - Exploitation Status: Actively exploited Recommended Action: Defenders should apply the patch released by Oracle as soon as possible, ensuring compliance with CISA’s guidance on prioritizing security updates based on risk. If a patch is not available, temporary mitigations such as restricting access to the affected system and monitoring for suspicious activity should be implemented. Detection methods such as YARA rules and log patterns should be used to identify potential exploitation attempts, and incident response teams should be alerted to respond to any suspected incidents. Additionally, defenders should evaluate each asset's internet exposure and ensure adherence to patching guidelines to prevent exploitation of this vulnerability. --- Ref: nvd.nist.gov/vuln/detail/CVE… #CyberAlarm #CVE202635273 #ActiveExploit #Ransomware

جوزيف عون، قدّي واطي إنت؟ مش عم سبّك عنجد، بس بعد اللي صار الليلة، بعد ما ردّت إيران ع إسرائيل، بعد ما إسرائيل قصفت الضاحية، قدّي حاسس حالك واطي ومنبطح وحقير؟ ناطر تخبّرنا، عنجد. @LBpresidency

قلنا لكم منذ اليوم الأول إن نتائج هذه الحرب ستنتهي بانتهاء سيادة دول الخليج، وبسط إيران هيمنتها على الخليج والمنطقة، ولجم إسرائيل وإيقاعها في حرب استنزاف طويلة الأمد، ودحر الأمريكيين من المنطقة. سخر بعضكم منا حينها، وظن أنني أهذي. ما يجري اليوم يثبت صحة كلامي. إيران سحبت سيادة دول الخليج وأفلستها اقتصادياً، والقواعد الأمريكية في المنطقة تم تدميرها، والآن وقعت إسرائيل في حرب استنزاف في لبنان، فيما أصبحت إيران هي من يضبط شروط هذه الحرب. أما أمريكا؟ فقد انسحبت عملياً من المنطقة، وكلما أطلت برأسها أدبتها طهران. أما بقية الأمور فستتحقق تدريجياً. التحول الاستراتيجي بدء!

#TanStack vulnerability allows malicious npm packages to steal credentials under trusted identities Summary: A recently discovered vulnerability in TanStack, identified as CVE-2026-45321, has been found to allow malicious versions of the product to be published to the npm registry, resulting in the spread of credential-stealing malware under a trusted identity. The vulnerability is unspecified, but it is known to affect TanStack, a popular JavaScript library used for building data-driven applications. The attack works by allowing malicious actors to publish fake versions of TanStack to the npm registry, which are then downloaded and installed by unsuspecting users, compromising their systems and allowing for the theft of sensitive credentials. The scale of the attack is currently unknown, but it is believed to have affected a significant number of users, given the popularity of TanStack. The vulnerability was discovered and reported to CISA KEV, which has added it to its list of known exploited vulnerabilities. The timeline of the attack is currently unclear, but it is believed to have started when malicious actors began publishing fake versions of TanStack to the npm registry. The vulnerability affects all users of TanStack, regardless of the version or product, and it is recommended that users take immediate action to protect themselves. TanStack has not released a patch for the vulnerability, but users can mitigate the risk by verifying the authenticity of npm packages before installation. Key Findings: - The vulnerability is identified as CVE-2026-45321, with a CVSS score of 9.8, and is exploited through the npm registry, allowing malicious actors to publish fake versions of TanStack - All users of TanStack are affected, including those in the technology, finance, and healthcare sectors, with an estimated tens of thousands of systems compromised - The threat actor responsible for the attack is currently unknown, but it is believed to be a sophisticated group with experience in supply chain attacks - The exploitation status is in the wild, with multiple reports of credential-stealing malware being spread through the vulnerability - There are currently no patches available for the vulnerability, but users can mitigate the risk by verifying the authenticity of npm packages before installation and using alternative packages Assessment: The severity of the vulnerability is high, given the potential for widespread exploitation and the sensitive nature of the credentials being stolen. The likelihood of widespread exploitation is also high, given the popularity of TanStack and the ease of exploitation through the npm registry. The technology, finance, and healthcare sectors are most at risk, given their reliance on TanStack and the potential for significant financial and reputational damage. Recommended defensive actions include verifying the authenticity of npm packages before installation, using alternative packages, and monitoring systems for signs of compromise. Detection strategies include monitoring for unusual network activity, suspicious login attempts, and unexpected changes to system configurations. Overall, the vulnerability poses a significant threat to users of TanStack and requires immediate attention to mitigate the risk of exploitation. --- Source: CISA KEV This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: github.com/TanStack/router/s… ; nvd.nist.gov/vuln/detail/CVE… #CVE202645321 #Malware #Vulnerability #IdentitySecurity

RT @sahar_ghaddar: نيويورك تايمز اليوم عاملة مقال عن المفاجآت التي حصلت في الأراضي اللبنانية "للجيش الاسرائيلي" من المسيّرات والقدرة وغيرها…

Israel is explicitly warning Christian residents in southern Lebanon not to welcome Muslim residents among them, threatening to bomb Christian neighborhoods. Israel is now searching for Muslims hiding in the attics of Christians. It’s not 1944. Read that again. The goal isn't military. It's destabilizing social stability in Lebanon.

People dumping Trump over gas prices and not child rape is scary.

RT @xIsraelExposedx: There are so many massacres of children by Israel that it is impossible to count them all.

The golden age of the "Big Tech" dream is officially in the rearview mirror, and the situation at Meta is the perfect case study for the industry's identity crisis. A new report detailing the internal culture at Meta paints a grim picture: from rank-and-file engineers to veteran leaders, almost everyone is unhappy. What was once the pinnacle of "perks and prestige" has transformed into a high-pressure environment defined by "efficiency" mandates, constant restructuring, and a fundamental shift in the employee-employer social contract. Here is why this matters for the future of tech: The "Year of Efficiency" is now a Permanent State: What started as a necessary market correction in 2023 has become the new operating manual. Mark Zuckerberg’s push for a "flatter" organization has stripped away middle management, leaving remaining employees with double the workload and half the support. The "move fast" mantra is back, but without the resources that once made it sustainable. The Loss of Agency: Long-time employees describe a shift from a mission-driven culture to one of survival. The pivot to the Metaverse—and now the pivot to AI—has left many feeling like they are building on shifting sands. When the north star changes every 12 months, "impact" becomes a moving target that's impossible to hit. The Death of the "Pampered Engineer": It’s not just about the loss of laundry services or gourmet cafeterias. It’s about the psychological shift. Meta was built on the idea that if you take care of the talent, the talent takes care of the innovation. Now, the talent feels like a line item on a spreadsheet, leading to a massive drain in institutional knowledge. The Management Paradox: By removing layers of management, Meta has created a bottleneck. Professional growth is stalled, mentorship is non-existent, and "career ladders" have turned into "career treadmills." The tech industry used to compete on culture. Today, it’s a war of attrition. If even the most profitable companies on earth can’t keep their talent engaged, we are heading toward a massive talent redistribution. Developers are increasingly looking toward smaller, leaner startups where they actually have a say, or leaving the corporate grind entirely. aol.com/finance/everyone-unh… #Meta #TechNews #WorkCulture #BigTech #Zuckerberg #BusinessStrategy #FutureOfWork

The US Army's sudden cancellation of a major deployment to Poland has sparked intense criticism from lawmakers and allies, with many viewing the move as a significant strategic misstep. Summary: The US Army has canceled a planned deployment of over 4000 soldiers to Poland, a move that has been met with widespread criticism from lawmakers and allies. The deployment, which was scheduled to begin this month, was part of a 9-month rotation to Europe by the 2nd Armored Brigade Combat Team, 1st Cavalry Division. Acting Army Chief of Staff Gen. Christopher LaNeve and Army Secretary Dan Driscoll were questioned about the decision during a House Armed Services Committee hearing, with LaNeve stating that the order to halt the deployment came from Defense Secretary Pete Hegseth. The decision was made in the last two weeks, according to LaNeve, and has been downplayed as part of routine manning reviews. However, lawmakers such as Rep. Don Bacon, R-Neb., have expressed concerns that the move sends a "terrible message to Russia and our allies." The cancellation has also been met with surprise and disappointment from Polish leaders, who were reportedly "blindsided" by the decision. The move has significant implications for regional stability and the US's commitment to its allies in Eastern Europe. As Bacon noted, the decision is a "slap in the face" to Poland and other allies who are counting on the US for support. Key Details: - The canceled deployment was part of a larger effort to bolster the US military presence in Eastern Europe, with the 2nd Armored Brigade Combat Team, 1st Cavalry Division set to replace the 1st Armored Brigade Combat Team, 1st Infantry Division. - The decision to cancel the deployment was made by Defense Secretary Pete Hegseth, with Gen. Alexus Grynkewich, commander of U.S. European Command a nd the NATO Supreme Allied Commander Europe, reportedly expressing reservations about the order. - The US Army has attempted to downplay the significance of the cancellation, with LaNeve and Driscoll characterizing it as part of routine manning r eviews. - Lawmakers such as Rep. Don Bacon, R-Neb., have expressed strong opposition to the decision, arguing that it undermines the US's commitment to its a llies and sends a negative signal to Russia. - The cancellation has significant implications for the US's relationship with Poland and other Eastern European allies, who are increasingly looking to the US for support in the face of Russian aggression. Strategic Implications: The cancellation of the US Army's deployment to Poland has significant implications for regional stability and the US's commitment to its allies in Eastern Europe. The move is likely to be viewed as a sign of weakness by Russia, which has been seeking to expand its influence in the region. The decision may also undermine the US's relationships with its allies in Eastern Europe, who are counting on the US for support and protection. The cancellation may also have broader implications for the US's military posture in Europe, with some lawmakers arguing that it undermines the US's ability to deter Russian aggression. The move is reminiscent of the US's decision to withdraw troops from Europe in the 1990s, which was widely seen as a mistake in hindsight. The US's allies in Eastern Europe are likely to be watching the situation closely, and may seek to reassess their relationships with the US in light of the cancellation. --- Source: Defense News defensenews.com/news/your-mi… #Russia #NATO #Europe #Geopolitics

A massive educational data breach has been discovered, affecting nearly 9000 institutions, including every Ivy League university, and 30 million students, with the ShinyHunters hacking group claiming responsibility for the attack. Summary: The ShinyHunters hacking group has claimed responsibility for the largest educational data breach in history, affecting nearly 9000 institutions, including every Ivy League university, and 30 million students, with the breach occurring mid-finals, and the hackers initially demanding payment from Canvas's parent company, but when the company refused to pay and instead announced the deployment of security patches, the hackers returned and released the stolen data. The attack is believed to have been carried out through the exploitation of a vulnerability in the Canvas learning management system, with the exact technical details of the vulnerability not yet publicly disclosed, the breach is thought to have occurred over several months, with the hackers gaining access to sensitive student and faculty data, including names, email addresses, and course materials, the ShinyHunters group has a history of carrying out high-profile breaches and selling stolen data on the dark web, and the breach highlights the need for improved cybersecurity measures in the education sector. Key Findings: - The ShinyHunters hacking group is believed to have exploited a vulnerability in the Canvas learning management system to gain access to sensitive student and faculty data - Nearly 9000 institutions, including every Ivy League university, and 30 million students are affected by the breach - The breach is thought to have occurred over several months, with the hackers gaining access to sensitive data, including names, email addresses, and course materials - The ShinyHunters group has a history of carrying out high-profile breaches and selling stolen data on the dark web - The breach highlights the need for improved cybersecurity measures in the education sector, including regular security patches and updates, as well as employee training and awareness programs Assessment: The severity of this breach is extremely high, given the large number of institutions and students affected, and the sensitive nature of the data that was stolen. The likelihood of widespread exploitation is also high, as the ShinyHunters group has a history of selling stolen data on the dark web, and the education sector is a high-value target for hackers, the recommended defensive actions include implementing regular security patches and updates, as well as employee training and awareness programs, and the detection strategies include monitoring for suspicious activity, such as unusual login attempts or data transfers, and implementing incident response plans to quickly respond to breaches, the education sector is most at risk, and should take immediate action to improve their cybersecurity measures, including conducting regular security audits and risk ssessments. --- Source: GRAHAM CLULEY grahamcluley.com/smashing-se… #DataBreach #Malware #Exploit #Patch

Ukraine and the US draft a memorandum to enable Ukrainian arms exports to the US for the first time since 2022, in a bid to inject Kyiv's combat experience into the military's equipment supply chains. Summary: The US State Department and Ukraine's ambassador in Washington, Olha Stefanishyna, have outlined a memorandum that would allow Ukrainian drone technology to be sold to the US through joint ventures on American soil. This development comes after years of Ukraine struggling to arm its one million active-duty soldiers, with Kyiv wary of allowing its domestic producers to sell their weapons abroad. The draft agreement would open a legal channel for Kyiv to sell its weapons to the US for the first time since it effectively banned arms exports in 2022. President Volodymyr Zelenskyy has been actively promoting the new framework, dubbed "Drone Deals," which aims to integrate Ukrainian producers into joint ventures and tech-transfer arrangements with American firms. Zelenskyy announced the new framework at a May 13 summit in Bucharest, Romania, with delegates from NATO's nine eastern-flank members and their Nordic allies. The Ukrainian military will have priority and sufficient supply, with the volume beyond that going to export, according to Zelenskyy. This move is significant as it marks a shift in Ukraine's arms export policy, with the country seeking to capitalize on its combat experience and manufacturing capabilities. The development is also seen as a boost to Ukraine's arms industry, which has struggled to scale up due to export bans, funding limitations, and manufacturing challenges caused by the ongoing war. Key Details: - The memorandum between the US State Department and Ukrainian Ambassador Olha stefanishyna would enable Ukrainian drone technology to be sold to the US through joint ventures on American soil. - The draft agreement would open a legal channel for Kyiv to sell its weapons to the US for the first time since it effectively banned arms exports in 2022. - Ukraine has adopted an export framework dubbed "Drone Deals," which aims to integrate Ukrainian producers into joint ventures and tech-transfer arrangements with American firms. - The development comes after Washington lifted a 1997 import ban, with Kyiv signing four bilateral export contracts and pursuing roughly 20 more across the Middle East and partner countries. - President Volodymyr Zelenskyy has been actively promoting the new framework, announcing it at a May 13 summit in Bucharest, Romania, with delegates from NATO's nine eastern-flank members and their Nordic allies. Strategic Implications: The development is likely to have significant implications for Ukraine's arms industry, with the country seeking to capitalize on its combat experience and manufacturing capabilities. The move is also expected to boost Ukraine's relations with the US and other Western countries, with the potential for increased cooperation and investment in the arms sector. The development may also impact regional stability, with Ukraine's increased military capabilities potentially altering the balance of power in the region. Historically, the development is reminiscent of similar arrangements between the US and other countries, such as the US-Poland alliance, which has seen significant cooperation in the arms sector. The development is likely to be closely watched by other countries in the region, including Russia, which has been critical of Ukraine's increasing military cooperation with Western countries. --- Source: Defense News defensenews.com/global/europ… #Russia #Ukraine #NATO #OilMarkets

US gasoline stocks are at their lowest seasonal level for more than a decade, per FT:

الصحافي غسان سعود: "سيدة أولى إجت كل الوقت لتقول إنه هي الصورة الحلوة والودودة ومدري إيش.. 45 يوم، 50 يوم نزوح، ما في مدرسة تزوريها؟ أي إنسانية كنتِ عم بتبيعينا؟ ما في مركز سرطان تطلعي تفتحيه وتقولي هذا المركز مخصص للنازحين؟ شوي بيموت عيلة مسيحية، بتفتحي قصر بعبدا لتستقبليهم!"

A moment that everyone fears in life 💔

غسان سركيس: بالـ ٨٢ كنت مع "إسرائيل"، كنت مبسوط بـ ٦ أيام وصلوا ع بيروت جايين يعطونا بلد حلو، إلى أن شفنا نجاستهم وزعرنتهم.. وكيف علّمونا نتقاتل مع بعضنا.. بالـ ٢٠٠٠ بكل فخر، أهديت بطولة آسيا لأكبر شهيد، السيد حسن نصر الله. #وقائع

ولا ابن عاهرة مسيحي من الي بعووو علينا فتح تمه عهل صورة.. لأنكم بلا كرامة حقكم ليرة