Cyber News Bytes: What’s Happening in Cybersecurity This Week

Attackers didn't find new vulnerabilities this week; they walked through doors that were already wide open.

From a government that collected biometric data on 20 million people but couldn't protect it, to six zero-days that were already being exploited before Microsoft even knew they existed, to Chrome extensions sitting in your browser right now quietly stealing your data, the pattern is impossible to ignore.

This week isn't just news. It's a warning.

1.Senegal's National ID System Was Breached and Nearly 20 Million People's Biometric Data Was Stolen

What Happened:
A new ransomware group called The Green Blood Group broke into Senegal's national ID agency and walked out with biometric records, birth certificates, and immigration data belonging to nearly 20 million people. The government didn't say a word publicly until two weeks after it happened, and their official statement came from a Yahoo email address.

Why It Matters:
Biometric data isn't like a password; you can't reset your fingerprints. When a government collects that level of sensitive data without the security infrastructure to protect it, the consequences for citizens are permanent.

How to Use It:
Use this as your go-to case study for security-by-design and the real cost of delayed incident disclosure; both are gold in interviews and client conversations.

Read more on Dark Reading

2. Microsoft Patched Six Actively Exploited Zero-Days This February.

What Happened:
Microsoft's February Patch Tuesday fixed 60 vulnerabilities, but six of them were already being actively exploited before any patch existed, including SmartScreen bypasses, privilege escalation flaws, and Office file exploits that only require a user to click the wrong thing.

Why It Matters:
Zero-days give attackers a head start, and publishing the patch tells the rest of the threat actor community exactly what was broken, so if you're slow to patch, you're now a known target.

How to Use It:
Pull these CVEs and practice prioritizing them by exposure and impact. It's exactly the kind of real-world exercise that sharpens your vulnerability management thinking.

Read more on Security Week

3. Malicious Chrome Extensions Are Quietly Stealing Business Data and They Look Completely Legitimate

What Happened:
Researchers uncovered multiple Chrome extension campaigns stealing 2FA codes, Gmail content, Business Manager data, and full browsing history disguised as AI tools and productivity add-ons, with over 260,000 combined installs across campaigns.

Why It Matters:
Extensions sit inside your authenticated browser session with access to everything you're doing and most people never think twice about what they've installed.

How to Use It:
Start auditing your own extensions today, and bring extension allowlisting into your security conversations; it's a practical, underused control that's easy to explain and harder to argue against.

Read The Hacker News

Here's what this week really comes down to: none of these attacks were sophisticated. They were patient.

The Green Blood Group didn't need to outsmart anyone. They just needed the door to be left open long enough. Microsoft's zero-days weren't genius-level exploits; they were gaps that existed quietly until someone decided to use them. And those Chrome extensions? They looked exactly like tools people use and trust every single day.

Most breaches don't happen because attackers are brilliant. They happen because familiarity breeds blind spots, and the systems that feel the safest are often the ones nobody's actually checking. Whether you're just starting out or years into this field, that's the mindset worth carrying into everything you do.

 And for anyone trying to break into the field, CourseCareers offers one of the fastest, most accessible paths into IT and cybersecurity for beginners; check it out here.