SparTech Software Cybersecurity Services

Researchers are noticing a resurgence of the Prometei botnet, evolving the threat to further target Linux.

The Prometei botnet has experienced a notable resurgence in 2025, particularly with its Linux variant, marking it as a persistent and evolving threat to organizations worldwide. Originally discovered in July 2020 primarily targeting Windows systems, Prometei expanded to Linux in December 2020 and has since continued to evolve both in scope and technical sophistication.

Spartech Software June 23, 2025

Cybersecurity News

New malware variant, XDigo, is hitting Eastern Europe via .lnk files.

XDigo is a recently discovered, sophisticated malware implant written in the Go programming language. It is primarily deployed by the cyber-espionage group known as XDSpy (also referred to as “Silent Werewolf”), which has a history of targeting government and critical infrastructure entities across Eastern Europe, Russia, and neighboring regions.

Spartech Software June 23, 2025

Cybersecurity News

Cyberattack against cryptocurrency platform, CoinMarketCap, takes $43k in assets from more than a hundred users.

A recent cyberattack targeted users of CoinMarketCap, a widely used cryptocurrency data platform, resulting in the theft of more than $43,000 in crypto assets from 110 users. The attackers leveraged a malicious toolkit known as Inferno Drainer to execute the scheme.

Spartech Software June 23, 2025

Cybersecurity News

US readies for cyberattacks after striking Iranian nuclear sites.

The United States is on high alert for potential cyberattacks following its recent airstrikes on Iranian nuclear sites, which have significantly escalated tensions between the two nations. The Department of Homeland Security (DHS) and the National Terrorism Advisory System have issued bulletins warning of a “heightened threat environment” in the U.S., particularly concerning cyber threats from Iran and its allies.

Spartech Software June 23, 2025

Cybersecurity News

McLaren Health Care acknowledges another significant data breach, this time impacting >743,000 people.

Michigan-based McLaren Health Care has disclosed a significant data breach affecting 743,131 individuals after a ransomware attack compromised its systems in July and August 2024. This incident is the second major breach for the organization in recent years, following a 2023 attack that impacted over 2 million people.

Spartech Software June 23, 2025

Labs and Lessons

Hack The Box: Complete walkthrough of the IPMI (Intelligent Platform Management Interface) Footprinting lab module.

The Hack The Box (HTB) Intelligent Platform Management Interface (IPMI) module teaches you how to analyze and potentially exploit the target via IPMI. Here's how to derive the solution and capture the flag.

Spartech Software June 22, 2025

Cybersecurity Defense

What is the CIS TRIAD and why it is an important model to help manage cybersecurity risks.

The term “CIS TRIAD” in cybersecurity typically refers to the “CIA Triad,” a foundational model that defines the three core principles essential for protecting information and managing cybersecurity risks: Confidentiality, Integrity, and Availability.

Spartech Software June 22, 2025

Cybersecurity News

Threat actor reportedly selling FortiGate exploit tool on darkweb that targets FortiOS.

Cybersecurity circles have been focused on a new threat actor claim regarding a zero-day exploit targeting Fortinet FortiGate firewalls. This claim emerged on a prominent dark web forum and has raised significant alarm due to the exploit’s purported capabilities and the critical role FortiGate devices play in enterprise network security.

Spartech Software June 22, 2025

Cybersecurity News

Internet restrictions in Iran have reportedly been eased.

Some of Iran’s internet access restrictions have been eased, after the country earlier this week was sent into a near-total blackout, according to Iran’s communications minister.

Spartech Software June 21, 2025

Cybersecurity News

Authorities battle Violence-as-a-Service (Vaas), a disturbing model in which organize crime groups recruit teenagers as hitmen.

European police, led by Denmark and Sweden, are intensifying efforts to dismantle a disturbing new criminal model known as “violence-as-a-service” (VaaS), in which organized crime groups recruit teenagers online to carry out contract killings. This crackdown is a response to a surge in cross-border violence facilitated by encrypted apps and social media platforms, which allow gangs to outsource violent crimes—including shootings and assassinations—to young people, some as young as 14.

Spartech Software June 21, 2025

United States	~59% of ransomware attacks globally Thousands per year
Poland	1,000+ per week
Russia	Highest cybercrime threat level
China	Thousands per year
India	115% surge in attacks Q2 2024
Ukraine	Significant surge since 2022
Brazil	Among top countries for blocked attacks
Mexico	65% of businesses hit in 2024
Germany	High targeted rate (EU)
France	High targeted rate (EU)

AS Name	ASN
Bharat Sanchar Nigam Ltd	9829
No.31,Jin-rong Street	4134
CHINA UNICOM China169 Backbone	4837
DigitalOcean, LLC	14061
HUAWEI INTERNATIONAL PTE. LTD.	136907
Amazon.com, Inc.	14618
Alibaba (US) Technology Co., Ltd.	45102
Google LLC	396982
Amazon.com, Inc.	16509
3xK Tech GmbH	200373

IP Address	Notable Exploits/Context
104.238.159.149	SharePoint zero-day, broad exploitation
107.191.58.76	SharePoint zero-day, government targets
96.9.125.147	SharePoint, previously Ivanti exploits
139.162.47.194	Exploits on CitrixBleed 2
38.180.148.215	CitrixBleed 2 campaigns
185.224.128.17	High activity, Netherlands
89.248.163.200	High activity, Netherlands
15.235.218.150	Associated with APT, active C2
45.9.148.114	Associated with C2, malicious netflow
91.107.150.184	C2 infrastructure, recent IoC