Posts by Spartech Software

United Natural Foods Inc. (UNFI), the primary distributor for Whole Foods and a major supplier to over 30,000 retailers across North America, experienced a significant cybersecurity incident beginning on June 5, 2025. The attack led to widespread disruptions in its operations, particularly affecting its ability to fulfill and distribute customer orders, including those to Whole Foods.

Bitsight, a cybersecurity ratings company, has issued a stark warning after its TRACE research team discovered over 40,000 internet-connected security cameras streaming live footage openly on the internet, with no passwords or meaningful security protections in place. These cameras, intended for use in homes, businesses, factories, hospitals, and even public transportation, are inadvertently providing public access to sensitive locations and information.

Microsoft’s June 2025 Patch Tuesday addressed a total of 66–67 vulnerabilities across its product suite, including Windows, Microsoft Office, and related components. The update is notable for patching a critical zero-day vulnerability in the Web Distributed Authoring and Versioning (WEBDAV) protocol that was actively exploited in the wild.

On Wednesday, INTERPOL announced the successful dismantling of more than 20,000 malicious IP addresses and domains linked to 69 different information-stealing malware variants. This operation, codenamed Operation Secure, was conducted between January and April 2025 and involved law enforcement agencies from 26 countries across the Asia-Pacific region.

FIN6 (aka Camouflage Tempest, Gold Franklin, or Skeleton Spider) is a financially motivated cybercrime group active since 2012, initially targeting point-of-sale systems to steal payment card data. Recently, they’ve adopted a novel attack vector using AWS-hosted fake resumes on LinkedIn to deliver More_eggs malware, specifically targeting corporate recruiters.

The database consisted of numerous collections, ranging from half a million to over 800 million records gathered from various sources. One research team believes the dataset was meticulously compiled and maintained to build comprehensive behavioral, economic, and social profiles of nearly any Chinese citizen. The exposed instance was quickly taken down, preventing the team from disclosing the identity of the database’s owners.

A new variant of the Mirai malware botnet is exploiting a little-known command injection vulnerability in TBK digital video recording devices, specifically models DVR-4104 and DVR-4216, to take control of them. This vulnerability, identified as CVE-2024-3721, was disclosed by security researcher "netsecfish" in April 2024 but has just now been spotted in the wild.