BleepingComputer’s top cybersecurity stories for 2022

Cybersecurity drew heavy attention in 2022, with major cyberattacks, data breaches, innovative phishing attacks, privacy concerns and zero-day vulnerabilities.

Some stories, however, were more popular with our readers than others.

Although the discovery by was stolen in the is too recent to be included on the Top ten, it deserves to be mentioned.

Here are the top ten stories on BleepingComputer in 2022. Each story is briefly summarized.

10.

Russia established its own TLS certificate authority (CA) to let websites keep providing HTTPS connections after Western sanctions stopped them from renewing certificates.

Companies must first vet a certificate authority before trusting it in their browsers. At the time, only Russia’s Yandex browser recognised the new CA.

Russia advised citizens to use these browsers rather than Chrome, Firefox and Edge.

9.

Four malicious Android apps were available for download on Google Play. They stole sensitive data from victims’ phones and earned ‘pay per click’ revenue.

The malware infected Bluetooth apps and did not display malicious functionality for 72 hours after they were installed. The delay enabled the malware to bypass security software and Google’s review.

8.

The developer of the popular npm package ‘node-ipc’ released modified versions of the library. These versions overwrite developers’ files and delete all developer data.

7.

A new social engineering method allowed Microsoft Teams to be abused for phishing and for secretly executing commands to steal data via GIFs.

The method used several flaws to steal data through Microsoft’s servers, making it appear to be Microsoft Teams traffic.

The attacker first needs to convince the user to install a malicious script that runs commands and then uploads the output to a Microsoft Teams webhook.

6.

More than thirty malicious Google Chrome extensions, with over a million installs from the Chrome Web Store, were used to hijack search engines and inject affiliate links into websites.

The extensions themselves did not include malicious code and were therefore difficult to find.

Once installed, however, the extensions redirected users to another site that asked for additional extensions. These were designed to sideload malicious JavaScript into the browser.

5.

Polkit’s kernel pkexec module contained a Linux flaw called PwnKit that could be exploited by attackers to obtain full root rights.

The vulnerability, tracked as CVE-2021-4034, was reported to security experts and administrators.

4.

Researchers discovered that the Microsoft Teams desktop app saved authentication tokens in clear text in various Windows locations.

Threat actors could steal these authentication tokens if they gain access to the device, and then log in as the user.

Microsoft, along with many other security experts, did not consider this an issue. Stealing the tokens requires that a threat actor already have access to the system, and if they do already have access, it is already “game over”, as the threat actor can access any locally stored data.

Other researchers, however, found the report alarming due to an increase in information stealers that could take the tokens and then send them to remote attackers.

3.

BleepingComputer first reported that Okta’s GitHub repository was accessed by threat actors who stole Okta’s source code.

Okta started alerting customers last month via a “Confidential” email that BleepingComputer shared. It warned them that the source code for Okta Workforce Identity Cloud was compromised.

They stated, however, that hackers were not able to access the source code of Auth0 (Customer Identity Cloud) products in the breach.

2.

The developer of the popular open-source libraries colors and Faker intentionally created an endless loop that would brick thousands of projects that depend on these packages.

Applications that used these libraries suddenly started displaying gibberish messages.

According to the developer, the change seems to be in retaliation against mega-corporations or commercial users of open-source software who rely heavily on free and community-powered software but don’t give back.

1.

The most read story of the year is about a security researcher who accidentally found a way around the lock screen on his fully patched Pixel 6 and Pixel 5 Android phones.

The vulnerability is tracked as CVE-2022-20465. It was corrected in the Android security update released .