SparTech Software

SecurityWeek reported this week that WhatsApp, owned by Meta, confirmed its researchers had requested the CVE identifier CVE-2025-27363 after linking the flaw to an exploit used by Paragon, an Israeli surveillance solutions provider. The vulnerability, CVE-2025-27363, is an out-of-bounds write in the FreeType open-source library, which could allow for arbitrary code execution. This flaw was initially highlighted in a Meta advisory in mid-March 2025, warning that it may have been exploited in the wild.

A critical-severity vulnerability (CVE-2025-4322) was discovered in the popular Motors theme for WordPress, affecting all versions up to and including 5.6.67. This flaw allowed unauthenticated attackers to escalate privileges by resetting passwords for any user, including administrators, resulting in full site takeover.

Banana Squad, a threat actor group, has been running a sophisticated malware campaign by hiding data-stealing malware in fake GitHub repositories. These repositories were designed to look like legitimate Python-based hacking tools, tricking developers and users into downloading and running malicious code.

Remember those wily hackers that siphoned $90 million from Nobitex, Iran’s largest cryptocurrency exchange yesterday? Today, they taunted Iran's Revolutionary Guard Corps and then burned the entire pile of crypto. More than $90 million vaporized! The stunning $90 million destruction marks a brazen escalation in the covert cyber war that has simmered between Israel and Iran for more than a decade.

Recent research by Malwarebytes Labs uncovered a sophisticated cybercriminal campaign in which attackers pay for sponsored Google ads, impersonate major brands, and direct users to fake websites designed to steal credentials and distribute malware.

The Cybernews research team recently uncovered what may be the largest unreported credential leak in history, involving a staggering 16 billion login records exposed across 30 separate datasets. These datasets were most likely generated by various infostealer malware—malicious software designed to harvest sensitive information such as usernames, passwords, and authentication tokens from infected devices.

Thai authorities recently dismantled a sophisticated criminal operation at the eight-storey Antai Holiday Hotel in Pattaya, Chon Buri province. The raid, conducted at 11:30 p.m. on June 16, 2025, uncovered both an illegal gambling den and a cybercrime ring specializing in ransomware attacks.

The North Korean-linked BlueNoroff group, also known as Sapphire Sleet or TA444, has launched a sophisticated social engineering campaign targeting employees in the cryptocurrency sector, specifically those using macOS devices. This latest attack leverages deepfake technology and fake Zoom meetings to deliver backdoor malware.