2022’s top exploited vulnerabilities are still a risk. Rilide in the wild. Abusing a legitimate tool. Malicious PyPi packages. A brief update on the cyber aspects of Russia’s hybrid war.

The Five Eyes warn against top exploited vulnerabilities. The Rilide info stealer in the wild. Malicious PyPI packages. Valerie Abend, Global Cyber Strategy Lead from Accenture, unpacks the Securities and Exchange Commission’s recently announced cyber regulations. In our Solution spotlight: Our own Simone Patrella speaks with Microsoft’s Ann Johnson on how Microsoft is attracting and retaining top cyber talent. And cyber attacks continue to gutter on both sides of Russia's war against Ukraine.

Selected reading.

CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022 | CISA (Cybersecurity and Infrastructure Security Agency CISA)

CISA, NSA, FBI and International Partners Issue Advisory on the Top Routinely Exploited Vu (National Security Agency/Central Security Service)

New Rilide Stealer Version Targets Banking Data and Works Around Google Chrome Manifest V3 (Trustwave)

Tunnel Vision: CloudflareD AbuseD in the WilD (GuidePoint Security) 

VMConnect: Malicious PyPI packages imitate popular open source modules (ReversingLabs) 

Bilyana Lilly on how cybersecurity assistance to Ukraine has helped thwart Russian cyberattacks (CyberScoop)

Microsoft says Russia-linked hackers behind dozens of Teams phishing attacks (Reuters)

Ukraine's invisible battle to jam Russian weapons (BBC News)

How Ukraine’s cyberwarriors are upending everyday life in Russia (Times)