Dave Bittner
You're listening to the Cyberwire network, powered by N2K.
Ann Johnson
Secure access is crucial for US public sector missions, ensuring that only authorized users can access certain systems, networks or data. Are your defenses ready? Cisco's Security Service Edge delivers comprehensive protection for your network and users. Experience the power of zero trust and secure your workforce wherever they are. Elevate your security strategy by visiting Cisco.com/go/sse. That's Cisco.com/go/sse.

Treasury's OCC reports a major email breach. We've got some Patch Tuesday updates. A critical vulnerability in AWS Systems Manager Agent allows attackers to execute arbitrary code with root privileges. Experts urged Congress to keep strict export controls to help slow China's progress in AI. A critical bug in WhatsApp for Windows allows malicious code execution. CISA adds multiple advisories on actively exploited vulnerabilities. Insider threat allegations rock a major Maryland medical center. Microsoft's Ann Johnson from Afternoon Cyber Tea is joined by Jack Resider, the creator and host of the acclaimed podcast Darknet Diaries. And the feds aim to rewrite Social Security code in record time.

It's Wednesday, April 9th, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here. It's great to have you with us, as always.

The US Treasury's Office of the Comptroller of the Currency, the OCC, reported a major email breach discovered on February 12. The incident involved unauthorized access to 103 email accounts, including those of OCC executives and staff. Hackers accessed around 150,000 emails dating back to May of 2023. Some messages contained sensitive information on federally regulated banks used for oversight and examinations. The breach was initially flagged by Microsoft, which alerted the OCC. While the OCC says there's no sign the wider financial sector was affected, the compromised data is considered highly sensitive.
The attacker's identity remains unknown, but previous targeting of Treasury entities has been linked to the China-based group Silk Typhoon. The OCC has since ended the unauthorized access and is continuing its investigation.

This month's Patch Tuesday was a heavyweight, with Microsoft releasing fixes for 147 vulnerabilities, five of them rated critical and one already being exploited in the wild. That zero-day involved a malicious proxy driver being used in targeted attacks. Most of the bugs hit core components like the Windows kernel, Office and Azure services. If your org runs Microsoft infrastructure, this one's a must-do. But the patch party didn't stop there. Fortinet issued a fix for a critical bug in FortiSwitch. It allows remote unauthenticated attackers to reset admin passwords with a specially crafted request. It's a serious threat to network integrity and needs urgent patching. Ivanti patched six vulnerabilities in its Endpoint Manager. One of them could let an unauthenticated user execute a cross-site scripting attack and gain administrative access. VMware also delivered updates for 47 issues in Tanzu, with 10 marked critical, and Zoom resolved six bugs across its Workplace suite. In the industrial sector, Rockwell, Siemens, Schneider Electric and ABB all patched ICS vulnerabilities. Siemens even recommended replacing a power monitoring device entirely due to security flaws that couldn't be safely mitigated with software alone. So don't delay, and patch 'em if you got 'em.

A critical vulnerability in AWS Systems Manager Agent allowed attackers to execute arbitrary code with root privileges by exploiting improper input validation in the validatepluginid function. This flaw let attackers craft malicious plugin IDs using path traversal to create and execute unauthorized scripts in system directories. Since the SSM Agent is widely used to manage EC2 and on-prem servers, the risk was significant. AWS patched the issue on March 5 after responsible disclosure in February.
Security experts advise updating immediately, validating plugin IDs, and using safe path resolution methods like BuildSafePath. This incident underscores that even mature cloud tools are vulnerable and highlights the need for strict input validation and ongoing system monitoring in cloud environments.

Technology experts urged Congress to keep strict export controls on semiconductor chips and other tech, arguing these restrictions are crucial for slowing China's progress in AI and preserving US leadership, CyberScoop reports. Although the US has long limited China's access to advanced chips, the rise of generative AI models from firms like DeepSeek and Alibaba has raised doubts about the strategy's effectiveness. Still, experts like Gregory Allen of the Center for Strategic and International Studies said these restrictions have already limited China's AI advancement and should continue. DeepSeek, despite its progress, still struggles with a lack of high-performance computing power, something only US-made chips currently provide. Experts argue that American technology is still foundational to China's AI development, giving the US vital leverage. They also criticized the Biden administration's export control rollout, saying advance notice allowed Chinese firms to stockpile parts. They called for tighter, faster controls guided by deeper collaboration with the tech and intelligence sectors.

A critical bug in WhatsApp for Windows allows attackers to execute malicious code by tricking users into opening rigged attachments. The flaw, fixed in a recent version, involves a mismatch between MIME type and file extension. For example, an EXE file disguised as an image could run if clicked. Though the exploit requires user interaction, experts warn it's easy to deceive users. Meta urges everyone to update WhatsApp and be cautious with attachments, even from familiar contacts.

CISA has issued an urgent call for organizations to patch two actively exploited zero-day vulnerabilities.
The first is a critical flaw in Gladinet's CentreStack cloud server, which allows remote code execution via improper handling of cryptographic keys. Exploited since March, it was recently patched. The second is a Windows CLFS vulnerability: a use-after-free issue in Microsoft's Common Log File System driver enables local privilege escalation. It's actively exploited by the PipeMagic malware in ransomware attacks, and it was addressed on Patch Tuesday. CISA mandates federal agencies apply these patches by April 29th.

A chilling insider threat case has rocked the University of Maryland Medical Center, where a now-former pharmacist allegedly used his access to IT systems to spy on female clinicians for nearly a decade. Matthew Bachela is accused of installing spyware on over 400 hospital and home devices, enabling him to secretly watch co-workers breastfeeding, in intimate moments and interacting with their families. He reportedly used keyloggers to steal passwords, gaining access to personal accounts and cloud storage. Despite alerts from IT staff and suspicions of hacking, UMMC allegedly failed to identify or stop the breach. Victims only learned of the voyeurism through FBI investigations. A civil lawsuit claims UMMC was negligent, violating healthcare security laws. The hospital has since fired Bachela and pledged to improve its cybersecurity, but the damage, both emotional and reputational, is severe. This case is a stark reminder of how dangerous insider threats can be when detection and oversight fail.

Coming up after the break, Microsoft's Ann Johnson from the Afternoon Cyber Tea podcast is joined by Jack Resider, creator and host of Darknet Diaries, and the feds aim to rewrite Social Security code in record time. Stay with us.

Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off.
Unknown
Are you frustrated with cyber risk scores backed by mysterious data, zero context and cloudy reasoning? Typical cyber ratings are ineffective, and the true risk story is begging to be told. It's time to cut the BS. Black Kite believes in seeing the full picture with more than a score, one where companies have complete clarity in their third-party cyber risk using reliable, quantitative data. Make better decisions, reduce your uncertainty. Trust Black Kite.
Ann Johnson
Microsoft's Ann Johnson is host of the Afternoon Cyber Tea podcast right here on the N2K CyberWire Network. In a recent episode, she was joined by Jack Resider, the creator and host of the acclaimed podcast Darknet Diaries.
Dave Bittner
Today I'm excited to welcome Jack Resider, the creator and host of the fellow cybersecurity podcast Darknet Diaries. Welcome to Afternoon Cyber Tea, Jack.
Jack Resider
Thanks for having me.
Dave Bittner
I know you started on your own. You had no background in podcasting. What drove you to tell these stories, and what drove you to a podcast as the medium to tell the stories?
Jack Resider
I wanted the show to exist, and nobody really understood, because I pitched it to a few podcasters and they're like, "I don't really understand what you're talking about. Why would anybody want old news? We only do new news here." And so I said, well, I guess this might be something I have to make myself. If I want to hear it and it's not out there, I've got to make it myself. It is maybe one of those, what is it, overnight successes that took 10 years to make, right? Of all the things that I tried to do, this one is maybe one of the hardest, because with a podcast you don't just, like, you're done and that's it, you can walk away and let it ride. It's like every week, every day, you've got to go and make another one. It's ridiculous how much work it is to just keep it going. And I almost wish I just had, like, a basic SaaS app that just generates money every month without me having to do anything. This is quite a lot of fun, the ride that this has taken me on.
Dave Bittner
It's a lot of work, you know, and you're doing it on your own. 90 million downloads in less than eight years is extraordinary. And the humility that you're showing is probably a lot of the reason why you're that successful, right?
Jack Resider
I mean, I take a lot of inspiration from people who have been successful before me. I want to do that too. Teach me how you got there. I want to follow in your footsteps, right? So that's kind of how I look at people who are more successful than me. It's very inspiring, and I want to get there as well.
Dave Bittner
So how do you go about your storytelling? How do you make the stories relatable? How do you decide which stories you're going to tell?
Jack Resider
A lot of tricks that I think are interesting are that we start the story in a specific direction knowing that we're not going to end in that direction. We're going to end somewhere else. And so we have this strong right turn or this left turn or something. These turns that are in the story are the critical parts. And so there's a lot of people that just tell me a story like, "Oh, yeah, one day I hacked into a company and I stole the assets that they wanted me to steal." And I'm like, okay, great. Where's the twist and turn? Like, did you go to the wrong company first? Did you hack the wrong thing first? Did you fail the first 20 times? That way, you know, I can pull those out in the story. That's what I'm looking for in stories: stuff that has all these twists and turns that you never expected us to have to switch into or go there. And that's what makes a good story for me.
Dave Bittner
Has a story ever challenged your perspective on the right and wrong in cybersecurity?
Jack Resider
I think challenging my view is always interesting. I like to pick stories that do challenge my view. Because if I'm interviewing a hacker and he's like, "Yeah, I hacked, please," and I'm like, that's kind of a jerk thing to do. I mean, what. So I want to back up and I want to say, okay, my first reaction is, I don't like this. My second reaction is probably similar to that. So what's my third reaction? Okay, my third reaction is, I probably don't know enough about your backstory. Tell me, what have the police done to you as you were growing up? Or how, what is your relationship with this? Tell me about your teenage years. And so then you start to get into this empathy situation where you're understanding their situation, and you're like, oh, I see. I might have done the same thing as them if I was in this position. And now you're practically cheering them on. Like, yeah, I feel for you, man. Go get them. Let's see what you got. What happens next? Right? And so I have to kind of back up and put that context into place to give me their worldview.
Dave Bittner
Can we talk about human beings? Human beings are a big part of cybersecurity. They're both victims, and they're also the folks that perpetrate attacks. What do you think about with the average person? So, you know, if you can think about someone who's not a cyber pro, how should they be thinking about privacy, given everything going on in the world?
Jack Resider
I think there is, like, an asymmetry here of what we think our apps are doing and our computers are doing versus what they are doing. Like, there's just a whole bunch of, you know, data collection, cookie collection, monitoring, app fingerprinting, all this kind of stuff that I don't think the average person knows. And I think the cards are almost stacked against them to be like, you just don't. Like, we don't even want you to know that we're collecting this data, right? And so we're doing extra work to keep you in the dark. And I think that asymmetry of just how much privacy you're losing versus knowing you're losing it, like, what you think is safe isn't safe, and what you think is private isn't private, and all this sort of thing is growing, and I think that's a problem. I guess some people would become hopeless, like, oh, my data's always going to be in a breach or whatever, and maybe even turn to the dark side. Like, you know what? Screw it, I'm going to start my own ransomware company. I think what's changed in me over time is I've realized, wait, I do have the ability to not be impacted by these breaches. Like, obviously, the breaches are going to continue to happen, and my data is going to be in there whether I like it or not. But could I do something about that? And I think the answer is being more private, right? So I try to use fake names everywhere I go, fake email addresses or, you know, burner email addresses, burner phone numbers, burner credit cards, like, everything that I can possibly do so that, okay, my data got breached. Well, that's fine. That's Sam Walters and some other phone number and address that's not even in my state. And so even though your data's out there, you can still cut it off, and it gives you a bigger advantage as to what your privacy is today.
Because if somebody knows every move you're going to do every day, that is totally different than they knew about a couple things about you 10 years ago because it was in a breach. So I think that there's still some value in cutting it off and not giving up entirely.
Ann Johnson
You can hear more of Ann's conversation with Jack Resider on the Afternoon Cyber Tea podcast. You can find that right here on the N2K CyberWire network and wherever you get your favorite podcasts.

What's the common denominator in security incidents? Escalations and lateral movement. When a privileged account is compromised, attackers can seize control of critical assets. With bad directory hygiene and years of technical debt, identity attack paths are easy targets for threat actors to exploit, but hard for defenders to detect. This poses risk in Active Directory, Entra ID and hybrid configurations. Identity leaders are reducing such risks with attack path management. You can learn how attack path management is connecting identity and security teams while reducing risk with BloodHound Enterprise, powered by SpecterOps. Head to SpecterOps.io today to learn more. SpecterOps: see your attack paths the way adversaries do.

And finally, what could possibly go wrong with a plan to rip out the foundation of the US Social Security system in a matter of months? Wired looks at plans hatched by DOGE, the Department of Government Efficiency, led by Elon Musk's confidant Steve Davis. Their mission? Ditch COBOL, the 60-year-old programming language still powering payments to over 65 million Americans, and replace it with something modern like Java. Fast. Experts are baffled. COBOL runs the system's logic, payments and even Social Security number assignments. Migrating it all quickly risks unseen errors, like simply not paying people at all. The Social Security Administration's own systems haven't been seriously updated since the 80s. Add in a handful of young, untested engineers and a rumored AI translation plan, and you've got a recipe for digital disaster. Oh, and there's also a mysterious "Are you alive?" project rechecking beneficiaries. So yes: massive system rewrite, AI code conversion, death audits, and benefits millions depend on. What could possibly go wrong?
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting-edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work-life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today at vanguardjobs.com.
CyberWire Daily Summary: Major Breach at the US Treasury’s OCC (April 9, 2025)
Hosted by N2K Networks
Overview: On February 12, the U.S. Treasury's Office of the Comptroller of the Currency (OCC) identified a significant email breach affecting 103 email accounts, including those of OCC executives and staff. Approximately 150,000 emails dating back to May 2023 were accessed without authorization; they contained sensitive information related to federally regulated banks used for oversight and examinations.
Key Details:
Notable Quote:
"The compromised data is considered highly sensitive, and while there's no sign the wider financial sector was affected, the potential implications are significant."
— Dave Bittner, 02:45
Microsoft’s Patch Tuesday: This month’s Patch Tuesday was notably heavy, with Microsoft releasing fixes for 147 vulnerabilities. Among these, five were rated as critical, including a zero-day exploit involving a malicious proxy driver used in targeted attacks.
Key Vulnerabilities:
Additional Patch Releases:
Notable Quote:
"Most of the bugs hit core components like Windows kernel, Office, and Azure services. If your organization runs Microsoft infrastructure, this one's a must-do."
— Dave Bittner, 04:15
A severe vulnerability was discovered in AWS Systems Manager Agent, allowing attackers to execute arbitrary code with root privileges. This flaw stems from improper input validation in the validatepluginid function, enabling the crafting of malicious plugin IDs through path traversal to execute unauthorized scripts in system directories.
Impact:
Mitigation: Update immediately, validate plugin IDs, and use safe path resolution methods such as BuildSafePath.
Notable Quote:
"This incident underscores that even mature cloud tools are vulnerable and highlights the need for strict input validation and ongoing system monitoring in cloud environments."
— Dave Bittner, 06:00
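To make the "strict input validation" and "safe path resolution" advice concrete, the following added example (not code from the AWS SSM Agent or from the episode) contrasts a naive path join that honours traversal segments with a hardened builder that allowlists the plugin ID and then proves the resolved path stays inside its base directory. The directory, the regex and the function names are constructed for illustration.

```python
import os
import re

# Constructed base directory for plugin working files (hypothetical; not a
# path taken from the AWS SSM Agent source).
BASE_DIR = "/var/lib/example-agent/orchestration"

# Allowlist for plugin identifiers: must start with a letter or digit, then
# letters, digits, colon, dot, underscore or dash. The colon allows names in
# the style of real SSM plugins such as "aws:runShellScript". A leading dot
# is rejected, so "." and ".." can never match.
_PLUGIN_ID_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9:._-]{0,127}$")


def build_plugin_path_unsafe(base_dir: str, plugin_id: str) -> str:
    """Naive join: treats the externally supplied plugin ID as a trusted path.

    os.path.normpath collapses '..' segments, so an ID containing them yields a
    path outside base_dir. This is the shape of bug the episode describes.
    """
    return os.path.normpath(os.path.join(base_dir, plugin_id))


def validate_plugin_id(plugin_id: str) -> bool:
    """Syntactic check: a single path segment made of allowlisted characters."""
    return _PLUGIN_ID_RE.match(plugin_id) is not None


def build_safe_path(base_dir: str, plugin_id: str) -> str:
    """Validate the ID, join it, then confirm containment in base_dir.

    Raises ValueError for IDs that fail the allowlist or resolve outside the
    base directory (symlinks are followed by realpath before the check).
    """
    if not validate_plugin_id(plugin_id):
        raise ValueError(f"rejected plugin id: {plugin_id!r}")
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, plugin_id))
    # Defence in depth: even after validation, require that the resolved path
    # shares base_dir as its prefix, so a future allowlist mistake cannot
    # silently reintroduce traversal.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes base dir: {candidate}")
    return candidate


if __name__ == "__main__":
    traversal_id = "../../../../opt/not-allowed/script.sh"
    print("unsafe:", build_plugin_path_unsafe(BASE_DIR, traversal_id))
    print("safe:  ", build_safe_path(BASE_DIR, "aws:runShellScript"))
    try:
        build_safe_path(BASE_DIR, traversal_id)
    except ValueError as exc:
        print("blocked:", exc)
```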
Technology experts are calling on Congress to maintain stringent export controls on semiconductor chips and other high-tech components to hinder China's advancements in artificial intelligence (AI) and preserve U.S. technological leadership.
Key Points:
Notable Quote:
"American technology is still foundational to China's AI development, giving the U.S. vital leverage."
— Dave Bittner, 07:30
A critical bug in WhatsApp for Windows was identified, allowing attackers to execute malicious code by deceiving users into opening manipulated attachments. The flaw involves a mismatch between MIME type and file extension, such as an executable (.exe) file disguised as an image, which can run if clicked.
Impact and Response:
Notable Quote:
"Though the exploit requires user interaction, experts warn it's easy to deceive users."
— Dave Bittner, 08:45
The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent advisories for organizations to patch two actively exploited zero-day vulnerabilities:
Gladinet’s CentreStack Cloud Server:
Windows Common Log File System (CLFS) Vulnerability:
Notable Quote:
"Identity attack paths are easy targets for threat actors to exploit but hard for defenders to detect."
— Dave Bittner, 10:15
A disturbing insider threat case has emerged at the University of Maryland Medical Center (UMMC). Matthew Bachela, a former pharmacist, allegedly used his access to IT systems to spy on female clinicians for nearly a decade. His actions included installing spyware on over 400 hospital and home devices, allowing him to secretly observe coworkers in intimate moments and interactions with their families.
Key Details:
Notable Quote:
"This case is a stark reminder of how dangerous insider threats can be when detection and oversight fail."
— Dave Bittner, 09:30
Guests:
Discussion Highlights:
Notable Quotes:
"I wanted the show to exist and nobody really understood because I pitched it. A few podcasters were like, 'I don't really understand what you're talking about.'"
— Jack Resider, 12:50
"A lot of the cards are almost stacked against them to be like, you just don't want us to know that we're collecting this data."
— Jack Resider, 16:05
Plans initiated by the Department of Government Efficiency, led by Steve Davis, aim to overhaul the U.S. Social Security system by rapidly replacing the legacy COBOL programming language with modern alternatives like Java. This ambitious project seeks to update systems responsible for payments to over 65 million Americans.
Concerns:
Expert Opinion: Industry experts express bafflement and concern over the swift and untested approach to such a critical system, warning of the profound consequences if failures occur.
Notable Quote:
"Migrating it all quickly risks unseen errors like simply not paying people at all."
— Dave Bittner, 10:45
April 9, 2025, highlighted significant cybersecurity developments, from a major breach at the US Treasury’s OCC to critical vulnerabilities addressed in Patch Tuesday updates. The day also underscored the importance of robust insider threat detection and the complexities involved in modernizing legacy systems. Additionally, insightful discussions with Jack Resider provided a deeper understanding of storytelling in cybersecurity and personal privacy challenges in the digital age.
For more detailed information on these stories, visit CyberWire Daily Briefing.
Produced by:
Note: This summary excludes advertisements, introductions, and outros to focus solely on the core content discussed in the podcast episode.