Cybersecurity Decrypted #34: May 15 – 22

Caitlin Harris, Laura Iannini. Last updated on Jun 11, 2025

👋 Hello and welcome back to Cybersecurity Decrypted, your weekly cybersecurity news recap.

In the headlines this week:

    • 💰 Over $1 million in prize money awarded to ethical hackers

    • 🪲 A new way to calculate whether vulnerabilities have been exploited in the wild

    • 🎣 US government officials impersonated by AI-driven vishing attacks


📰 Headlines

    • Pwn2Own Berlin—an ethical hacking event—awarded $1 million in prize money to participants for discovering 28 unique zero-days. Seven of those zero-days came from the event’s new AI category. 🔗

    • A partnership of US, European, and Japanese authorities and tech companies has taken down one of the world’s most popular infostealers. 🔗

    • Two NIST and CISA researchers have pitched a new metric called Likely Exploited Vulnerabilities (LEVs) to calculate the likelihood that a vulnerability has been exploited in the wild. 🔗

    • The FBI has warned that scammers are using text messages and AI-generated voice messages to impersonate senior government officials with the aim of accessing personal accounts. 🔗

    • Coinbase has disclosed that over 69k users were impacted by a recent breach in which rogue contractors stole personal information such as names, addresses, and phone numbers. 🔗

📡 Threat Watch

    • A trojanized version of KeePass password manager is being used to deploy ransomware, according to researchers at WithSecure. 🔗

    • Trojanized versions of the RVTools website are being used to distribute malware. Parent company Dell has advised customers against searching for or downloading RVTools software from unofficial websites or sources. 🔗

    • APT group “Hazy Hawk” has been abusing DNS misconfigurations to spread malware from several legitimate domains, including those of governments, universities, and Fortune 500 companies. 🔗

    • APT group “Sidewinder” has been targeting high-level government institutions in Sri Lanka, Bangladesh, and Pakistan with a geofenced malware campaign. 🔗

🪲 Patches And Updates

    • Mozilla has released patches for two Firefox vulnerabilities discovered at Pwn2Own Berlin. The researchers were rewarded with $50k each by the ethical hacking contest. 🔗

    • CodeRevolution has patched an RCE flaw in its “Crawlomatic” WordPress plugin. The vulnerability allowed unrestricted file uploads without authentication. 🔗

    • Broadcom-owned VMware has released urgent patches to fix issues in its flagship infrastructure. Discovered by the NATO Cyber Security Centre, the vulnerabilities exposed users to data leakage, command execution, and DoS attacks. 🔗

🚨 Industry News

    • Google has made several product announcements at its I/O 2025 event, including the ability for Chrome to automatically update compromised passwords. 🔗

    • JumpCloud has acquired PAM provider VaultOne. The acquisition will allow JumpCloud to provide “a truly unified and secure IT experience for organizations of all sizes.” 🔗

    • Exabeam and Vectra AI have announced a strategic partnership to improve their threat detection capabilities and streamline security operations. 🔗

    • Tenable has added third-party connectors to its TenableOne exposure management platform, which allow it to ingest telemetry from other vendors and provide a “holistic view and analysis” of the attack surface. 🔗

    • Palo Alto Networks has reported higher-than-estimated earnings for the latest quarter. 🔗

🌎 Global News

    • The UK’s Legal Aid Agency has suffered a major data breach. Attackers have stolen “a significant amount” of personal data from anyone who has used the service to apply for legal aid since 2010. The service has now been taken down. 🔗

    • CISA has appointed Madhu Gottumukkala as its new Deputy Director. 🔗

    • The EU has announced new sanctions targeting individuals and entities enabling Russian cyber-espionage, disinformation, and sabotage. 🔗

    • Several Russian state services have been disrupted by a large-scale DDoS attack. As of yet, no hacking group has claimed responsibility for the alleged attack. 🔗

    • In an effort to protect national security, the Dutch and Japanese governments have passed new laws that expand the criminalization of cyber-espionage activities. 🔗

    • Peter Green Chilled has become the latest victim in a string of cyberattacks targeting UK retailers. 🔗

💡 Cybersecurity Solution Spotlight

A selection of top cybersecurity solutions we’ve reviewed recently. Check them out!

    • Twingate is a highly effective zero trust network access solution that enables organizations to easily provision secure, remote access. Read our review.

🎙 The Expert Insights Podcast

The Expert Insights Podcast is your go-to source for insights from cybersecurity experts. We bring you weekly interviews from top cybersecurity thought leaders.

This week on the show:

    • Nicole Bucala, General Manager of Comcast’s DataBee, on the shifting cybersecurity landscape. Listen now.

    • John Hultquist, Chief Analyst at Google Threat Intelligence Group, on the cyber-threats you need to know about. Listen now.

Introducing Game Changers

This June, we’re launching our new limited podcast series: Game Changers. The cyber threat landscape is evolving all the time. We need game-changing ideas to outwit adversaries and prepare ourselves for future threats.

In each episode, we’ll focus on an individual or a company who has changed the game, disrupted the status quo, and pushed expectations to the limit. In this first series, we speak with Torq, Abnormal, Zama, and the Godfather of Zero Trust, John Kindervag.

Subscribe today.

🔍 Expert Insights: Latest From Us

Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.

That’s all for this week! 👋

How did you find this newsletter? Please send us any feedback to help us improve. Thanks for your support.
