this post was submitted on 15 Jun 2026
94 points (99.0% liked)

Technology

85515 readers
4226 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
94
A backdoor in a LinkedIn job offer (roman.pt)
submitted 2 days ago* (last edited 2 days ago) by inari@piefed.zip to c/technology@lemmy.world
6 comments fedilink hide all child comments
top 6 comments
sorted by: hot top controversial new old
[โ€“] ivan@piefed.social 28 points 2 days ago* (last edited 2 days ago) (1 children)

Damn, I thought LinkedIn itself got hacked, but that's just "recruiter" trying to get people to install malicious npm modules. ๐Ÿฅฑ

Good heads up tho, I periodically get folks trying some bullshit with me in there like "let's talk on WhatsApp".

[โ€“] LedgeDrop@lemmy.zip 3 points 1 day ago (1 children)

Yikes, this is spooky stuff.

In the blog post, the author mentioned that their AI agent found the malicious payload.

That reminded me of people writing malicious AI prompts. I find it shocking , that you really cannot trust 3rd party code and cannot safely use AI as a tool to quickly audit said code.

I wonder if interviewing will come full circle and we'll go back to resumes, phone interview, then in-person interviews. Rather, than the whole "take home project" crap (well... at least I have another reason to opt of them).

[โ€“] ivan@piefed.social 1 points 1 day ago

I think there will be some inventions in regard of "take home projects" like certification of said tasks, secure repositories - things that let you easily check if whatever you just got is legit, or maybe in-browser environments for doing tasks, where it's all handled on employers servers. Just takes someone to formulate an idea that could be sold and rest is details.

And as of resumes, phone interviews and in-person interviews - kinda happened already, at least speaking from my engineer's perspective. Today just hiring someone without in-person interview is a bit foolish due to how easy it is to just open ChatGPT tab or whatever on another screen. And potential engineers then are invited to an in-person interview and fail it miserably after giving somewhat competent answers in online call.

[โ€“] gemakey@lemmy.world 15 points 2 days ago

I thought getting farmed for my resume was bad.

[โ€“] incentive@lemmy.ml 4 points 2 days ago

I just went through this same deal on LinkedIn, only I told the "recruiter" I'd need to verify with the company this is standard practice (which I did, I emailed corporate). The account vanished within a few hours of me sending that msg. Same as the article, I reported the repo to GitHub and as far as I can tell the organization and accounts associated with it are still online.

[โ€“] G0rb@infosec.pub 1 points 2 days ago

Typical DPRK-Move.