As if we needed more things to put on the blockchain…

Throughout 2025, cybersecurity and tech vendors have sounded the alarm about an adversarial tactic called EtherHiding. This stealthy attack buries malware components in smart contracts on the blockchain ledger.

The attack is a tricky one for defenders to mitigate, given how the blockchain is decentralized and often spread across an immense network, with many potential points for a multi-stage attack. Over the past few years, software developer interest in Web3, which attempts to build decentralized online ecosystems using blockchain technology, has only increased the potential attack surface for exploits like EtherHiding.

“These attack chains are becoming increasingly more difficult. Even if you don’t have a particular interest in Web3 or an application for it, understanding how this type of attack works can help to inform your posture and not only your policies, but also your training,” Andrew Northern, principal security researcher with internet intel platform Censys, told IT Brew.

IT pros shared seeking strategies here.—BH

December capped off an exciting 2025 in the C-suite with some final shuffling before the New Year.

HackerOne gets some help on the executive side

Cybersecurity firm HackerOne welcomed two new execs, showing the continued strength of the cybersecurity subsector despite an uncertain economy.

The company named Stephanie Furfaro as chief revenue officer and Stacy Leidwinger as chief marketing officer on December 9, marking an effort to “scale” the company’s global footprint. In a press release, CEO Kara Sprague said the hires were aimed at expansion: “Stephanie’s experience scaling global revenue organizations and Stacy’s leadership in brand and growth marketing will strengthen every part of our go-to-market engine.”

No end to C-suite drama as we head into 2026.—EH

The cybersecurity industry is wrestling with a thorny issue as we enter 2026: a significant skills shortage.

According to a recent ISC2 study, 63% of organizations reported having a slight or significant cybersecurity staff shortage at their organization, down from 68% in 2024. But while organizations are getting better at solving their headcount problems, they have issues with finding employees with the right expertise: More than half (59%) of surveyed professionals said they currently have a critical or significant skills need, up 44% YoY. (The study is based on a survey of 16,029 cybersecurity professionals in North America, Latin America, EMEA, and the Asia–Pacific region.)

Three in 10 organizations say they can’t find talent with the right skills, while another 29% blame not having a large enough budget to hire enough cybersecurity pros. Almost one-quarter (23%) of organizations say they have a retention problem with skilled talent.

See the stats over her.—BM

The feeling of getting a 5/5 on the Brew’s weekly news quiz has been compared to getting a company-wide shout-out from your boss. It’s that satisfying.

CollabWORK connects you to the hidden job market through IT Brew and other trusted channels. Browse roles curated specifically for this community by clicking through to the job board.