Hello. AI is reshaping what it means to be "entry-level" in the cybersecurity job pool. Of more than 500,000 total cybersecurity job postings by U.S. employers last year, only 17% were open to job seekers with less than four years of experience, according to CompTIA.

As Matthew Hartman, chief strategy officer at the Merlin Group, told us: “If we shrink the on-ramps and displace apprenticeship-style learning without creating new pathways in, we’ll face a deepening talent gap as today’s senior practitioners age out.” 

Read the story from my colleague Angus Loten. 

More news: 

• Carmaker Stellantis teams up with Microsoft to build AI cyber tools
• Prison time for two U.S. nationals who helped North Korean imposter workers
• Europol warns 75,000 would-be DDoS attackers
• 🎧 New episode of the Dow Jones Risk Journal podcast 
• And more

The parent company of global retailer Zara blamed a former tech supplier for a breach of a shopper transaction database. Spain's Inditex said customer and payment data wasn't affected. The company didn't name the tech provider. (Reuters)

Two New Jersey residents were sentenced for their parts in helping imposter tech workers from North Korea infiltrate more than 100 U.S. companies over several years. Kejia Wang of Edison, N.J., was sentenced to nine years in prison. Zhenxing Wang, of New Brunswick, N.J., received a sentence of nearly eight years. 

• The two men pleaded guilty to running laptop farms that helped North Korean scammers assume the identities of at least 80 U.S. residents in return for a combined $600,000, the Justice Department said. 

• Also, companies are still burnishing their climate credentials despite reversals in federal policy. James Rundle hosts.
• Listen every Friday on Apple Podcasts, Spotify and Amazon.

Don't do it: The Europol police agency sent emails to 75,000 would-be hackers warning them not to follow through on likely plans to launch distributed denial-of-service attacks. Their contact information came to light in recent takedowns of several DDoS-for-hire services (TechCrunch)

• Related reading from WSJ Pro: Online Crime Busts Are Teaching Hackers How to Avoid Getting Caught

Publisher McGraw Hill confirmed a ShinyHunters claim that data related to user accounts was stolen via a hack of a Salesforce customer-management system. The hacking group said it stole information about 13.5 million accounts. (Bleeping Computer)

• Related reading from WSJ Pro: Salesforce-Linked Security Breach Fallout Escalates With Qantas Leak

• People who worked at a franchisee-owned Papa John's location in Illinois from Dec. 3, 2015, to Dec. 17, 2025 are covered.

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten and James Rundle. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.