Latest CyberSec News by @thecyberpicker

Malware-laced PyPI and npm packages steal developer credentials, CI/CD data, and crypto wallets. Attacks target macOS, AI workflows, and cloud setups

ChatGPT's Codex, which is an AI agent that lets you code and delegate programming tasks, is now testing a new feature that lets you choose the best solution.

On June 13, OpenAI began rolling out a new ChatGPT Search update to improve quality as the AI startup challenges Google's dominance.

More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover.

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape

WebDAV Windows 10 - Remote Code Execution (RCE).. remote exploit for Windows platform

Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI. CVE-2025-49619 . webapps exploit for Multiple platform

AirKeyboard iOS App 1.0.5 - Remote Input Injection. CVE-n/a . remote exploit for iOS platform

Microsoft Excel Use After Free - Local Code Execution. CVE-2025-27751 . local exploit for Windows platform

PHP CGI Module 8.3.4 - Remote Code Execution (RCE). CVE-2024-4577 . webapps exploit for PHP platform

Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE). CVE-2025-33073 . remote exploit for Windows platform

Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation. CVE-2024-28000 . webapps exploit for PHP platform

Parrot and DJI variants Drone OSes - Kernel Panic Exploit. CVE-2025-37928 . local exploit for Multiple platform

Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS). CVE-2025-46041 . webapps exploit for PHP platform

PCMan FTP Server 2.0.7 - Buffer Overflow. CVE-2025-4255 . remote exploit for Windows platform

This is a current list of where and when I am scheduled to speak: I’m speaking at the International Conference on Digital Trust, AI and the Future in Edinburgh, Scotland on Tuesday, June 24 at 4:00 PM. The list is maintained on this page.

When Windows 11 was first released, many long-time users felt features they loved had been taken away overnight. Three and a half years later, the same complaints still rise to the top of the Feedback Hub with tens of thousands of votes.

WestJet, Canada's second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach.

Palo Alto Networks addressed multiple vulnerabilities and included the latest Chrome patches in its solutions.

Fog ransomware operators used in a May 2025 attack unusual pentesting and monitoring tools, Symantec researchers warn.

Malware campaign hijacks expired Discord invite links to steal crypto wallets and infect users globally.

Paris, Jun. 3, 2025, CyberNewswire--Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced the release of its new Vishing Simulation module, a cutting-edge tool designed to train employees against one of the fastest-growing attack vectors: voice phishing (vishing). This new module uses AI-generated voices and adaptive dialogue systems to simulate

Video of the stubby squid (Rossia pacifica) from offshore Vancouver Island. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

C'était l'opération dans l'opération. En marge de la campagne Rising Lion lancée par Israël contre l'Iran dans la nuit du 12 au 13 juin 2025, pour attaquer son programme de nucléaire militaire, une action spéciale a aussi eu lieu proche de Téhéran. Elle impliquait une base clandestine et des drones explosifs. Un coup

Resecurity researchers found 7.4 million records containing personally identifiable information (PII) of Paraguay citizens on the dark web.

Google says an API management issue is behind Thursday's massive Google Cloud outage, which disrupted or brought down its services and many other online platforms.

Roundcube 1.6.10 - Remote Code Execution (RCE). CVE-2025-49113 . webapps exploit for Multiple platform

Windows File Explorer Windows 10 Pro x64 - TAR Extraction. CVE-2025-24071 . remote exploit for Windows platform

Coker spoke to Recorded Future News about his time as National Cyber Director, what he considers his biggest successes and what he would tell his replacement – who is currently going through the confirmation process.