Paragon’s Graphite spyware used in sophisticated zero-click attack against new iPhones.

In June 2025, security researchers at Citizen Lab confirmed the first forensic evidence that Paragon’s ‘Graphite’ spyware was used in highly sophisticated zero-click attacks targeting up-to-date iPhones, specifically those running iOS 18.2.1. These attacks required no user interaction and left almost no visible traces, making detection and attribution particularly challenging.
New TokenBreak attack bypasses LLM protective guardrails.

A newly discovered cyber attack technique, called TokenBreak, targets the tokenization process of text classification models, particularly those used as protective guardrails for large language models (LLMs). The attack exploits how certain tokenizers break down and interpret text, allowing adversaries to bypass content moderation, safety, toxicity, and spam detection systems with minimal changes to input text.
Cloudflare notes increase in cyberattacks against journalists.

Cloudflare reports a dramatic surge in cyberattacks targeting journalists and independent media organizations over the past year. Between May 2024 and April 2025, Cloudflare blocked nearly 109 billion malicious requests aimed at organizations protected under its Project Galileo, with attacks against journalists and news organizations accounting for 97 billion of those requests—an average of 290 million per day. This marks a 241% increase in attack volume compared to the previous year.
10 Cybercriminals Who Remain on the Lam.

Many high-profile cybercriminals have been arrested and convicted, but several notorious figures remain fugitives, wanted by law enforcement agencies worldwide. Here are ten cybercriminals currently on the run, according to the latest FBI “Most Wanted” lists and other credible sources:
Microsoft Copilot Zero-Click Vulnerability (“EchoLeak”): What Happened and Why It Matters

A critical security flaw, dubbed “EchoLeak” (CVE-2025-32711), was discovered in Microsoft 365 Copilot, the AI assistant integrated into Office apps like Word, Excel, Outlook, and Teams. This vulnerability allowed attackers to exfiltrate sensitive organizational data through a “zero-click” attack—meaning the victim did not need to interact with any malicious content for the exploit to succeed.
GreyNoise Warning: Coordinated Brute-Force Attacks on Apache Tomcat Manager

On June 5, 2025, GreyNoise observed a significant and coordinated surge in brute-force and login attempts targeting Apache Tomcat Manager interfaces exposed to the internet. This activity marked a sharp deviation from typical background noise, with two GreyNoise tags—Tomcat Manager Brute Force Attempt and Tomcat Manager Login Attempt—registering volumes well above their usual baselines.
United Natural Foods Inc. (UNFI), the primary distributor for Whole Foods hit with cyberattack beginning on June 5, 2025.

United Natural Foods Inc. (UNFI), the primary distributor for Whole Foods and a major supplier to over 30,000 retailers across North America, experienced a significant cybersecurity incident beginning on June 5, 2025. The attack led to widespread disruptions in its operations, particularly affecting its ability to fulfill and distribute customer orders, including those to Whole Foods.
Bitsight’s Warning: 40,000 Security Cameras Exposed Globally

Bitsight, a cybersecurity ratings company, has issued a stark warning after its TRACE research team discovered over 40,000 internet-connected security cameras streaming live footage openly on the internet, with no passwords or meaningful security protections in place. These cameras, intended for use in homes, businesses, factories, hospitals, and even public transportation, are inadvertently providing public access to sensitive locations and information.
Microsoft’s June 2025 Patch Tuesday addressed a total of 66–67 vulnerabilities across its product suite, including Windows, Microsoft Office, and related components.

Microsoft’s June 2025 Patch Tuesday addressed a total of 66–67 vulnerabilities across its product suite, including Windows, Microsoft Office, and related components. The update is notable for patching a critical zero-day vulnerability in the Web Distributed Authoring and Versioning (WEBDAV) protocol that was actively exploited in the wild.