8.4 million people affected by data breach at Indian car share company Zoomcar
The Bengaluru-based company told investors that it initially became aware of the breach on June 9.
Latest CyberSec News by @thecyberpicker
Zoomcar discloses security breach impacting 8.4 million users
Zoomcar Holdings (Zoomcar) has disclosed via an 8-K form filing with the U.S. Securities and Exchange Commission (SEC) a data breach incident impacting 8.4 million users.
Ransomware: File Data Is Harder to Manage and Defend
This week in cybersecurity from the editors at Cybercrime Magazine
Police dismantle Archetyp dark web drug market, arrest administrator
A multinational law enforcement operation targeted the leaders and infrastructure Archetyp Market, known for illegal drug sales on the dark web.
Whole Foods supplier making progress on restoration after cyberattack left shelves empty
United Natural Foods (UNFI) said in an update that it “made significant progress" toward restoring its ordering systems after a cyberattack affected the company's ability to keep grocery stores stocked.
AI Agents vs AI Chatbots: Understanding the Difference | CSA
Both AI agents and AI chatbots automate tasks, but the security implications differ significantly. Dive into what sets them apart.
Microsoft shares temp fix for Outlook crashes when opening emails
Microsoft has shared a workaround for a known issue that causes the classic Outlook email client to crash when opening or starting a new message.
Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine
Cynomi's playbook helps providers scale from tactical services to strategic cybersecurity programs with MRR growth.
⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More
Zero-click spyware. Undetectable AI leaks. Microsoft Copilot exploited. Read this week's top cyber incidents and the silent tactics behind them.
Automated SaaS Security That Scales | CSA
Manual remediation can't scale SaaS risk. Learn how automation transforms SaaS security into a collaborative, efficient, risk-reducing strategy.
Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus
Nessus users should update patches as soon as possible
Police seizes Archetyp Market drug marketplace, arrests admin
Law enforcement authorities from six countries took down the Archetyp Market, an infamous darknet drug marketplace that has been operating since May 2020.
GUEST ESSAY: The AI illusion: Don’t be fooled, innovation without guardrails is just risk–at scale
Artificial intelligence is changing everything - from how we search for answers to how we decide who gets hired, flagged, diagnosed, or denied. Related: Does AI take your data? It offers speed and precision at unprecedented scale. But without intention, progress often leaves behind a trail of invisible harm. We are moving fast. Too fast.
L’Université Sorbonne piratée : des informations sensibles ont été volées
Sorbonne Université est victime d'une nouvelle cyberattaque. Les données personnelles de 32 000 salariés et anciens salariés auraient été dérobées, dont certaines très sensibles. Le communiqué de presse de l'université est laconique, mais la cyberattaque est de grande ampleur : Sorbonne Université a été victime d'une
Anubis Ransomware Adds File-Wiping Capability
Trend Micro identified a novel “wipe mode” included in Anubis ransomware to prevent file recovery, increasing pressure on victims to give in to demands
New Predator spyware infrastructure revealed activity in Mozambique for first time
Insik Group analyzed the new Predator spyware infrastructure and discovered it's still gaining users despite U.S. sanctions since July 2023.
Microsoft: June Windows Server security updates cause DHCP issues
Microsoft acknowledged a new issue caused by the June 2025 security updates, causing the DHCP service to freeze on some Windows Server systems.
Over a Third of Grafana Instances Exposed to XSS Flaw
Some 36% of Grafana instances are vulnerable to account takeover bug, putting DevOps teams at risk
WestJet Investigates Cyber-Attack Impacting Customers
Canadian airline WestJet is investigating a cyber-attack that struck on June 13
A week in security (June 9 – June 15)
A list of topics we covered in the week of June 9 to June 15 of 2025
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
Malware-laced PyPI and npm packages steal developer credentials, CI/CD data, and crypto wallets. Attacks target macOS, AI workflows, and cloud setups
ChatGPT's AI coder Codex now lets you choose the best solution
ChatGPT's Codex, which is an AI agent that lets you code and delegate programming tasks, is now testing a new feature that lets you choose the best solution.
ChatGPT Search gets an upgrade as OpenAI takes aim at Google
On June 13, OpenAI began rolling out a new ChatGPT Search update to improve quality as the AI startup challenges Google's dominance.
Over 46,000 Grafana instances exposed to account takeover bug
More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover.
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 49 - Security Affairs
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape
WebDAV Windows 10 - Remote Code Execution (RCE)
WebDAV Windows 10 - Remote Code Execution (RCE).. remote exploit for Windows platform
Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI. CVE-2025-49619 . webapps exploit for Multiple platform
AirKeyboard iOS App 1.0.5 - Remote Input Injection
AirKeyboard iOS App 1.0.5 - Remote Input Injection. CVE-n/a . remote exploit for iOS platform
Microsoft Excel Use After Free - Local Code Execution
Microsoft Excel Use After Free - Local Code Execution. CVE-2025-27751 . local exploit for Windows platform
PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
PHP CGI Module 8.3.4 - Remote Code Execution (RCE). CVE-2024-4577 . webapps exploit for PHP platform