Daily Briefing for 04.22.25

Attacks, Threats, and Vulnerabilities

Cookie-Bite attack PoC uses Chrome extension to steal session tokens (BleepingComputer) A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams.

Marketplace

Torq Acquires Stealth AI Startup and Adds Advanced Multi-Agent RAG Capabilities to New Torq HyperSOC-2o (Torq) Torq Drives the Future of Autonomous SOC With Torq HyperSOC-2o Featuring a Comprehensive OmniAgent That Identifies, Prioritizes, and Remediates All Organizational Cybersecurity Threats

Products, Services, and Solutions

CrowdStrike Debuts Falcon Privileged Access for Unified Hybrid Identity Security (CrowdStrike) CrowdStrike introduces Falcon Privileged Access to secure the full identity attack lifecycle and unify hybrid identity security with AI-powered real-time protection.

Legislation, Policy, and Regulation

Two top cyber officials resign from CISA (The Record) Bob Lord and Lauren Zabierek both posted on LinkedIn Monday morning that they were resigning from the Cybersecurity and Infrastructure Security Agency.

Litigation, Investigation, and Law Enforcement

Southeast Asian cyber fraud industry at ‘inflection point’ as it expands globally (The Record) Despite China- and Thailand-led crackdowns on scam compounds in Myanmar, the organized crime groups behind the cyber scam industry are growing increasingly professional and deepening ties with other regions and illicit actors.

For a complete running list of events, please visit the Event Tracker.

Events

RSA Innovation Sandbox 2025 (San Francisco, California, USA, Apr 28, 2025) RSA Conference 2025 marks 20 years for cybersecurity’s top innovation startup competition: RSAC Innovation Sandbox contest. The contest puts the spotlight on cybersecurity’s boldest new innovators while highlighting their potentially game-changing ideas. Hundreds of submissions are reviewed and narrowed down to only 10 finalists. The Top 10 Finalists will take the stage during RSA Conference 2025 and will have three minutes to make their award-winning pitch to a panel of leading industry experts. Since the start of the contest, the Top 10 Finalists have collectively seen over 90 acquisitions and over $16.4 billion in investments.*

RSA Conference 2025 (San Francisco, California, USA, Apr 28 - May 1, 2025) At RSAC 2025, you're not just attending a conference—you're stepping into a vibrant, thriving community of thinkers, innovators, and achievers. Though we come from different corners of the cybersecurity world, we are united by a common mission: to foresee risks, counter threats, and embrace the challenges ahead. Together, we shape the future of security. Together, we shine as one.

CYSAT (Paris, France, May 14 - 15, 2025) In today’s society, we heavily rely on space-based assets, and considering the continuously evolving cyber threats in the current geopolitical environment, securing space data is a major challenge. Since 2021, CYSEC has been organizing CYSAT to bring together all the players in the space cybersecurity domain.

CyberWiseCon Europe 2025 (Vilnius and virtual, Lithuania, May 21 - 23, 2025) CyberWiseCon is a premier IT security conference that brings together cybersecurity experts, industry leaders, and IT professionals from around the Europe.

NICE Conference (Denver, Colorado, USA, Jun 1 - 4, 2025) The NICE Conference is the annual convening of community members and thought leaders from education, government, industry, and non-profits to explore ways of developing a skilled cybersecurity workforce ready to meet the challenges of the future. This event provides an opportunity to share best practices from around the world and across sectors in order to build the workforce we need to confront cybersecurity risks today and in years to come.