Posts by Spartech Software

A critical-severity vulnerability (CVE-2025-4322) was discovered in the popular Motors theme for WordPress, affecting all versions up to and including 5.6.67. This flaw allowed unauthenticated attackers to escalate privileges by resetting passwords for any user, including administrators, resulting in full site takeover.

Banana Squad, a threat actor group, has been running a sophisticated malware campaign by hiding data-stealing malware in fake GitHub repositories. These repositories were designed to look like legitimate Python-based hacking tools, tricking developers and users into downloading and running malicious code.

Remember those wily hackers that siphoned $90 million from Nobitex, Iran’s largest cryptocurrency exchange yesterday? Today, they taunted Iran's Revolutionary Guard Corps and then burned the entire pile of crypto. More than $90 million vaporized! The stunning $90 million destruction marks a brazen escalation in the covert cyber war that has simmered between Israel and Iran for more than a decade.

Recent research by Malwarebytes Labs uncovered a sophisticated cybercriminal campaign in which attackers pay for sponsored Google ads, impersonate major brands, and direct users to fake websites designed to steal credentials and distribute malware.

The Cybernews research team recently uncovered what may be the largest unreported credential leak in history, involving a staggering 16 billion login records exposed across 30 separate datasets. These datasets were most likely generated by various infostealer malware—malicious software designed to harvest sensitive information such as usernames, passwords, and authentication tokens from infected devices.

Thai authorities recently dismantled a sophisticated criminal operation at the eight-storey Antai Holiday Hotel in Pattaya, Chon Buri province. The raid, conducted at 11:30 p.m. on June 16, 2025, uncovered both an illegal gambling den and a cybercrime ring specializing in ransomware attacks.

The North Korean-linked BlueNoroff group, also known as Sapphire Sleet or TA444, has launched a sophisticated social engineering campaign targeting employees in the cryptocurrency sector, specifically those using macOS devices. This latest attack leverages deepfake technology and fake Zoom meetings to deliver backdoor malware.

Krispy Kreme, the international doughnut and coffee chain, suffered a significant ransomware attack in late 2024 that resulted in a major data breach and operational disruptions. The attack was detected on November 29, 2024, when Krispy Kreme noticed unauthorized activity on its IT systems. The company disclosed the incident in an SEC filing on December 11, 2024, confirming disruptions to its online ordering platform, particularly affecting digital sales in the U.S. Physical store operations and deliveries to retail partners, including McDonald’s, continued largely unaffected.