A recent spear-phishing campaign orchestrated by the cybercriminal group “Venom Spider” has been targeting hiring managers and recruiters by masquerading as job applicants. These deceptive emails contain malicious attachments, such as fake résumés, which, when opened, deploy a backdoor malware known as “More_eggs.” This malware grants attackers remote access to the victim’s system, enabling data theft and further infiltration. The campaign exploits the routine responsibilities of HR professionals, who frequently open attachments from unknown sources, making them particularly vulnerable. This incident underscores the critical need for organizations to implement robust cybersecurity training and protocols, especially for departments like HR that are susceptible to such targeted attacks.