A set of CareerBuilder phishing emails have emerged. The attack centers around CareerBuilders resume upload feature, which lets prospective employees attach a document file containing their resume to specific job applications. Security firm Proofpoint found that the malicious files use a chain attack approach, starting with vulnerabilities such as CVE-2014-1761 or CVE-2012-0158 to place a binary on the target system. On a large scale, think of it like phishing with dynamite: This kind of attack would grab all but the most elusive fish, and savvy IT users could be easily fooled.”]
Source: https://securityintelligence.com/news/careerbuilder-phishing-emails-no-lure-needed/