Posts by Spartech Software

Critical vulnerabilities in Microsens’ NMP Web+ network management platform have been discovered that allow unauthenticated attackers to remotely compromise industrial control systems. These flaws enable full system takeover through authentication bypass and arbitrary code execution, affecting versions 3.2.5 and earlier on both Windows and Linux platforms.

Interpol has recently warned that West Africa is emerging as a new regional hub for digital crimes, particularly online scam centers, alongside Central America and the Middle East. This shift marks a significant development in the global landscape of cyber-enabled crime, which was previously concentrated in Southeast Asia.

The U.S. Department of Justice (DOJ) and FBI have disrupted a major North Korean scheme in which IT workers, posing as remote employees, infiltrated over 100 U.S. companies—including Fortune 500 firms and a defense contractor—to steal money, sensitive data, and cryptocurrency, and funnel millions of dollars back to North Korea’s regime.

A recent investigation has revealed that three major hacks of the U.S. Treasury Department in the past five years were directly linked to failures in deploying basic cybersecurity measures that could have either prevented the attacks or detected them much sooner. These incidents have exposed persistent vulnerabilities within the agency responsible for safeguarding the integrity of the U.S. financial system, raising significant concerns among both regulators and the banking sector.

The FIDO Alliance’s 2024 Online Authentication Barometer found that more than half of consumers (53%) reported an increase in suspicious messages and online scams in 2024. This rise was most commonly observed in SMS messages (53%) and email (49%), with notable increases also seen in phone/voice messages, social media, instant messaging apps, fake adverts, and fake articles.

Switzerland has officially confirmed that sensitive information from several federal offices has been impacted by a ransomware attack targeting the third-party organization Radix, a Zurich-based non-profit health foundation. The attack, which occurred on June 16, 2025, resulted in both the theft and encryption of data. Hackers subsequently leaked the stolen data on the dark web, with reports indicating that the Sarcoma ransomware group claimed responsibility and published approximately 1.3 TB of data in several compressed archives.

Microsoft has announced a new feature for its Defender for Office 365 cloud-based email security suite: automatic detection and blocking of email bombing attacks. This enhancement, called Mail Bombing Detection, is designed to protect organizations from coordinated efforts to flood mailboxes with large volumes of emails, which can overwhelm systems and obscure important messages, potentially masking genuine threats or hindering business operations.

Researchers from Zscaler ThreatLabz recently uncovered a sophisticated cyber campaign that exploits public interest in popular AI tools such as ChatGPT and Luma AI. Threat actors have created AI-themed websites that use Black Hat SEO techniques to manipulate search engine rankings, making these malicious sites appear prominently in results for trending AI-related queries.

The threat actor group Blind Eagle (also known as AguilaCiega, APT-C-36, or APT-Q-98) has been linked to the Russian bulletproof hosting service Proton66 in a campaign targeting Colombian financial institutions. Trustwave SpiderLabs assessed this connection with high confidence after tracing Proton66-linked infrastructure to active clusters deploying phishing tools and remote access trojans (RATs) against banks like Bancolombia, BBVA, Banco Caja Social, and Davivienda.