it

Security news weekly round-up - 2nd January 2026

Published: (January 2, 2026 at 05:58 PM EST)
2 min read
Source: Dev.to

Source: Dev.to

LinkedIn Job Scam – Global Threat

When your instincts tell you that a job posting might be a scam, trust them and walk away. Falling for the bait can result in loss of money or compromise of your LinkedIn account.

Key points from the article

  • Scammers tailor their tactics to local cultural expectations, industry trends, and economic pressures.
  • In Mexico, fraudsters exploit the informal job market by advertising fake formal roles that promise security.
  • In Nigeria, attackers often persuade LinkedIn users to share their login credentials by offering paid work.

Malicious npm Packages Used as Phishing Infrastructure

Cybercriminals increasingly use compromised npm packages to steal login credentials. Protecting yourself requires a combination of technical controls and user awareness.

Recommendations from the article

  • Enforce stringent dependency verification.
  • Log unusual CDN requests that originate from non‑development contexts.
  • Deploy phishing‑resistant multi‑factor authentication (MFA).
  • Monitor for suspicious post‑authentication events.

GPS Vulnerability to Jamming

GPS signals are critical to many modern systems beyond navigation, including:

  • Smart lighting that adjusts to sunset.
  • Dating apps that match users based on proximity.
  • Electrical grid synchronization.
  • Cellular networks, banking, defense technology, and industrial robotics.

Jamming GPS can disrupt all of these services. The article outlines current mitigation strategies and future directions for protecting GPS‑dependent infrastructure.

Abuse of Google Cloud Email Feature in Multi‑Stage Phishing

Even emails that appear to come from a trusted sender can be malicious. Attackers can misuse Google Cloud’s email automation capabilities to send phishing messages that bypass standard authentication checks.

Takeaway from the article

  • The ability to configure emails to any arbitrary address allows threat actors to send messages from Google‑owned domains, effectively evading DMARC and SPF protections.
  • Always scrutinize the content and origin of emails before taking any action.

Cover photo by Debby Hudson on Unsplash.

Back to Blog

Related posts

Read more »

LinkedIn Job Scams

Interesting article on the variety of LinkedIn job scams around the world: In India, tech jobs are used as bait because the industry employs millions of people...