Mustang Panda is targeting the Tibetan community with PUBLOAD and Pubshell malware campaigns and may be migrating to US targets.

Mustang Panda (also tracked as Hive0154, Earth Preta, or Camaro Dragon), a China-aligned advanced persistent threat (APT) group, has deployed PUBLOAD and Pubshell malware in a targeted cyber espionage campaign against the Tibetan community. This operation leverages Tibet-themed lures to deliver multi-stage malware for persistent access and data exfiltration.

The US remains a leading force in cyber defense and intelligence, but China has built a significant lead over the United States in exploit production.

Cyber operations are now foundational to national security, playing a central role in both defense and offense for major powers. However, recent assessments indicate that while the United States remains a leading force in cyber defense and intelligence, it has fallen behind China in a key area: exploit production—the development and acquisition of software vulnerabilities that can be weaponized for attacks.

Researchers say cyberattacks mimicking ChatGPT and other AI tools are on the rise.

In early 2025, Kaspersky, a leading Russian cybersecurity company, released research highlighting a sharp rise in cyberattacks targeting small and medium-sized businesses (SMBs) using fake productivity and AI tools as lures. The most notable finding was a 115% increase in cyberthreats that mimic ChatGPT compared to the same period in 2024, with 177 unique malicious and unwanted files detected in the first four months of 2025.

Germany asks Apple to remove DeepSeek from office due to security and data protection issues.

Germany has declared that the Chinese AI app DeepSeek contains illegal content due to significant security and data protection issues. German data protection authorities, led by Commissioner Meike Kamp, have determined that DeepSeek fails to meet the country’s and the European Union’s stringent data protection standards. Specifically, DeepSeek has not provided sufficient evidence that German users’ data is safeguarded in China to a level equivalent to that required under EU law.

Android 16 will warn you when you connect to a fake cellphone tower (e.g. stingray).

Android 16 introduces a new security feature designed to alert users if their device connects to a fake or insecure mobile network, commonly known as a “stingray” or “IMSI catcher.” These devices mimic legitimate cell towers to trick phones into connecting, allowing attackers to intercept communications, collect unique device identifiers (like IMEI), and even downgrade connections to less secure protocols for easier surveillance.

Researchers warn that those free VPNs you are using may be Chinese-owned and leaking your data to China.

The Tech Transparency Project (TTP) has issued repeated warnings about the continued presence of numerous free VPN apps with hidden ties to Chinese companies—including Turbo VPN and X-VPN—on both Apple’s App Store and Google’s Play Store. These apps, which promise to protect user privacy by encrypting internet traffic, are raising serious concerns about data security and U.S. national security.

Strap in, MOVEit Transfer users – it looks like hackers are preparing for another mass exploitation campaign.

A significant surge in scanning activity targeting Progress MOVEit Transfer systems has been observed since late May 2025, indicating heightened threats and potential exploitation campaigns. Threat intelligence firm GreyNoise reported a dramatic spike beginning May 27, 2025, when scanning activity jumped from fewer than 10 unique IP addresses per day to over 100, followed by 319 IPs on May 28. Daily scanning volumes have since remained elevated at 200–300 IPs, a stark deviation from baseline activity.

Central Kentucky Radiology (CKR) notifies 167,000 people that their personal information was compromised.

Central Kentucky Radiology (CKR), a radiology services provider based in Lexington, Kentucky, is notifying approximately 167,000 individuals that their personal information was compromised following a data breach that occurred between October 16 and October 18, 2024. The organization discovered the breach after detecting unusual activity and a disruption in its computer network on October 18, 2024.

Vulnerability in Open VSX Registry could allow attackers to gain full control over the entire marketplace.

Cybersecurity researchers from Koi Security have disclosed a critical vulnerability in the Open VSX Registry, an open-source alternative to the Visual Studio Marketplace for VS Code extensions. This vulnerability, if successfully exploited, could have allowed attackers to gain full control over the entire marketplace, enabling them to publish malicious updates to every extension hosted on Open VSX. This would have posed a severe supply chain risk, potentially compromising millions of developer machines, as nearly every time an extension is installed or updated, the action is routed through Open VSX.