Automated SaaS Security That Scales | CSA
Manual remediation can't scale SaaS risk. Learn how automation transforms SaaS security into a collaborative, efficient, risk-reducing strategy.
Latest CyberSec News by @thecyberpicker
Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus
Nessus users should update patches as soon as possible
Police seizes Archetyp Market drug marketplace, arrests admin
Law enforcement authorities from six countries took down the Archetyp Market, an infamous darknet drug marketplace that has been operating since May 2020.
GUEST ESSAY: The AI illusion: Don’t be fooled, innovation without guardrails is just risk–at scale
Artificial intelligence is changing everything - from how we search for answers to how we decide who gets hired, flagged, diagnosed, or denied. Related: Does AI take your data? It offers speed and precision at unprecedented scale. But without intention, progress often leaves behind a trail of invisible harm. We are moving fast. Too fast.
L’Université Sorbonne piratée : des informations sensibles ont été volées
Sorbonne Université est victime d'une nouvelle cyberattaque. Les données personnelles de 32 000 salariés et anciens salariés auraient été dérobées, dont certaines très sensibles. Le communiqué de presse de l'université est laconique, mais la cyberattaque est de grande ampleur : Sorbonne Université a été victime d'une
Anubis Ransomware Adds File-Wiping Capability
Trend Micro identified a novel “wipe mode” included in Anubis ransomware to prevent file recovery, increasing pressure on victims to give in to demands
New Predator spyware infrastructure revealed activity in Mozambique for first time
Insik Group analyzed the new Predator spyware infrastructure and discovered it's still gaining users despite U.S. sanctions since July 2023.
Microsoft: June Windows Server security updates cause DHCP issues
Microsoft acknowledged a new issue caused by the June 2025 security updates, causing the DHCP service to freeze on some Windows Server systems.
Over a Third of Grafana Instances Exposed to XSS Flaw
Some 36% of Grafana instances are vulnerable to account takeover bug, putting DevOps teams at risk
WestJet Investigates Cyber-Attack Impacting Customers
Canadian airline WestJet is investigating a cyber-attack that struck on June 13
A week in security (June 9 – June 15)
A list of topics we covered in the week of June 9 to June 15 of 2025
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
Malware-laced PyPI and npm packages steal developer credentials, CI/CD data, and crypto wallets. Attacks target macOS, AI workflows, and cloud setups
ChatGPT's AI coder Codex now lets you choose the best solution
ChatGPT's Codex, which is an AI agent that lets you code and delegate programming tasks, is now testing a new feature that lets you choose the best solution.
ChatGPT Search gets an upgrade as OpenAI takes aim at Google
On June 13, OpenAI began rolling out a new ChatGPT Search update to improve quality as the AI startup challenges Google's dominance.
Over 46,000 Grafana instances exposed to account takeover bug
More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover.
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 49 - Security Affairs
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape
WebDAV Windows 10 - Remote Code Execution (RCE)
WebDAV Windows 10 - Remote Code Execution (RCE).. remote exploit for Windows platform
Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI. CVE-2025-49619 . webapps exploit for Multiple platform
AirKeyboard iOS App 1.0.5 - Remote Input Injection
AirKeyboard iOS App 1.0.5 - Remote Input Injection. CVE-n/a . remote exploit for iOS platform
Microsoft Excel Use After Free - Local Code Execution
Microsoft Excel Use After Free - Local Code Execution. CVE-2025-27751 . local exploit for Windows platform
PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
PHP CGI Module 8.3.4 - Remote Code Execution (RCE). CVE-2024-4577 . webapps exploit for PHP platform
Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE). CVE-2025-33073 . remote exploit for Windows platform
Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation. CVE-2024-28000 . webapps exploit for PHP platform
Parrot and DJI variants Drone OSes - Kernel Panic Exploit
Parrot and DJI variants Drone OSes - Kernel Panic Exploit. CVE-2025-37928 . local exploit for Multiple platform
Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)
Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS). CVE-2025-46041 . webapps exploit for PHP platform
PCMan FTP Server 2.0.7 - Buffer Overflow
PCMan FTP Server 2.0.7 - Buffer Overflow. CVE-2025-4255 . remote exploit for Windows platform
Upcoming Speaking Engagements - Schneier on Security
This is a current list of where and when I am scheduled to speak: I’m speaking at the International Conference on Digital Trust, AI and the Future in Edinburgh, Scotland on Tuesday, June 24 at 4:00 PM. The list is maintained on this page.
Windows 11 users want these five features back
When Windows 11 was first released, many long-time users felt features they loved had been taken away overnight. Three and a half years later, the same complaints still rise to the top of the Feedback Hub with tens of thousands of votes.
Anubis ransomware adds wiper to destroy files beyond recovery
WestJet investigates cyberattack disrupting internal systems
WestJet, Canada's second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach.