The Cybersecurity Job Market: Is Cyber Still Worth It In 2026?

Let's dive into the cyber job market along with the major news headlines

Happy Tuesday, all! It’s been a crazy few weeks on the AI and Security front on top of all the news headlines.

I got a chance to spin up my own AI bot on a Mac Mini that I recently got, so I’m excited to share more there once things are set up. 🎉 

I also wanted to share a recent analysis of the overall cyber job market I made a video on here:

And with that, let’s get into this week’s cyber news headlines!

1. Vimeo Confirms User Data Stolen in Third-Party Breach

Vimeo, the major video hosting platform serving millions of users worldwide, confirmed on April 28 that an unauthorized actor accessed user and customer data.

The breach traces back to Anodot, a third-party analytics provider that was compromised earlier in April.

ShinyHunters claims it exfiltrated data from Vimeo's Snowflake and Google BigQuery instances through the compromised Anodot integration, and issued a "pay or leak" ultimatum with an April 30 deadline.

The exposed information primarily includes technical data, video titles, metadata, and in some cases customer email addresses.

Vimeo says no video content, login credentials, or payment information was exposed.

Why it matters: This is the same playbook hitting the same crowd over and over.

Anodot's compromise has rippled out to multiple big names, including Rockstar Games and Zara, all because of one third-party integration that quietly held the keys to multiple companies' analytics environments.

If you build, market, or run a business that depends on cloud analytics tools, take a hard look at every integration that has read access to your data warehouses and ask what would happen if that vendor got popped tomorrow.

2. PyTorch Lightning Hijacked on PyPI in Supply Chain Attack

On April 30, attackers pushed two malicious versions of the popular PyTorch Lightning Python package, 2.6.2 and 2.6.3, to the PyPI registry.

The package sees over 7.9 million monthly downloads and is widely used for deep learning workflows like LLM fine-tuning, image classification, and time series forecasting.

Just importing the malicious package triggered a hidden script that downloaded the Bun JavaScript runtime and executed an 11 MB obfuscated payload designed to steal cloud credentials, GitHub tokens, SSH keys, and shell histories.

Stolen GitHub tokens were then used to push worm-like commits into victim repositories, disguised as routine dependency updates.

PyPI quarantined the malicious versions roughly 42 minutes after publication, and the only confirmed clean release is 2.6.1.

Why it matters: Supply chain attacks are now happening in minutes, not days.

If you or your team installed Lightning 2.6.2 or 2.6.3, treat the affected machine as compromised, rotate every credential that touched it, and audit your repositories for unexpected commits.

This attack also targeted developer tools by planting persistence hooks in Claude Code and VS Code settings that fire whenever the project folder is opened, which is a new and worrying tactic worth watching closely.
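
To make the version check above concrete, here is an added example (not part of the original newsletter and not the project's own tooling) that flags pins of 2.6.2 or 2.6.3 in requirements files and in the running interpreter. The distribution names `lightning` and `pytorch-lightning` are an assumption, since the article does not give the exact PyPI project name, and the sample input is constructed.

```python
import re
from importlib import metadata
from pathlib import Path

# Versions the article names as malicious; 2.6.1 is the confirmed clean release.
BAD_VERSIONS = {"2.6.2", "2.6.3"}
# Assumption: the article does not give the exact PyPI distribution name,
# so both names the project is commonly installed under are checked.
DIST_NAMES = {"lightning", "pytorch-lightning"}
# name, optional [extras], then an exact '==' pin (stops before hashes/comments)
PIN_RE = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;#\\]*)")
# Constructed sample requirements file, not taken from any real project.
SAMPLE = """\
torch==2.5.0
pytorch_lightning==2.6.3 \\
    --hash=sha256:<placeholder>
lightning[extra]==2.6.1
Lightning == 2.6.2  # pinned by CI
"""

def normalize(name):
    """PEP 503 normalization, so pytorch_lightning == pytorch-lightning."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_pins(text, source="<text>"):
    """Return (source, line_no, name, version) for every affected pin."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = PIN_RE.match(line)
        if m and normalize(m.group(1)) in DIST_NAMES and m.group(2) in BAD_VERSIONS:
            hits.append((source, no, normalize(m.group(1)), m.group(2)))
    return hits

def scan_tree(root):
    """Scan requirements*.txt and constraints*.txt files below root."""
    files = [p for p in sorted(Path(root).rglob("*.txt"))
             if p.name.startswith(("requirements", "constraints"))]
    return [h for p in files for h in scan_pins(p.read_text(errors="replace"), str(p))]

def scan_installed():
    """Check what the current interpreter has installed right now."""
    found = ((normalize(d.metadata["Name"] or ""), d.version) for d in metadata.distributions())
    return [("installed", 0, n, v) for n, v in found if n in DIST_NAMES and v in BAD_VERSIONS]

if __name__ == "__main__":
    for hit in scan_pins(SAMPLE, "SAMPLE") + scan_tree(".") + scan_installed():
        print("AFFECTED:", *hit)
```

A clean result only describes the current state: an environment that has since moved away from 2.6.2 or 2.6.3 still ran the import-time payload described above if the package was ever imported there.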

3. Medtronic Confirms Breach as ShinyHunters Claims 9 Million Records Stolen

Medical device giant Medtronic confirmed on April 24 that an unauthorized party accessed parts of its corporate IT systems.

The cybercriminal group ShinyHunters claims it stole more than 9 million records containing personally identifiable information along with terabytes of internal corporate data.

Medtronic has not verified those numbers.

The company says its products, manufacturing, distribution operations, and patient safety systems were not affected because they sit on networks separate from corporate IT.

Medtronic was removed from the ShinyHunters leak site after an April 21 ransom deadline passed, which often signals negotiations or payment behind the scenes.

Why it matters: Even when a breach hits "only" corporate IT, the data sitting in those environments can include employee, patient, and partner information that fuels identity theft and targeted phishing for years.

ShinyHunters has been on a tear in 2025 and 2026, hitting names like Zara, 7-Eleven, and Carnival Corporation, which means patient and employee data from one of the world's largest medtech companies is now in the hands of an extortion crew with a long track record of leaking what it steals.

This week made one thing very clear.

ShinyHunters is not slowing down, and the pattern they have built is working scarily well.

Three of this week's biggest stories trace back to the same crew using social engineering, single sign-on compromises, and third-party SaaS integrations to walk into Fortune-class companies without ever firing off a sophisticated exploit.

The companies that pay attention now to vishing training, SSO hardening, and vendor risk are going to weather the next wave a lot better than the ones who do not.

Stay patched. Stay skeptical. Talk soon.