SparTech Software

Krispy Kreme, the international doughnut and coffee chain, suffered a significant ransomware attack in late 2024 that resulted in a major data breach and operational disruptions. The attack was detected on November 29, 2024, when Krispy Kreme noticed unauthorized activity on its IT systems. The company disclosed the incident in an SEC filing on December 11, 2024, confirming disruptions to its online ordering platform, particularly affecting digital sales in the U.S. Physical store operations and deliveries to retail partners, including McDonald’s, continued largely unaffected.

On June 12, 2025, Swiss procurement service provider Chain IQ, along with 19 other companies, was targeted in a large-scale ransomware attack orchestrated by the group Worldleaks (also known as World Leaks, previously Hunters International). The attack resulted in the theft and subsequent dark web publication of sensitive data, including information from major Swiss financial institutions such as UBS and Pictet.

Recently, security researchers at Cato Networks have identified new variants of WormGPT, a tool originally developed as an uncensored large language model (LLM) for cybercriminal activities. These new versions, named keanu-WormGPT and xzin0vich-WormGPT, have been discovered on underground forums such as BreachForums and are accessed via Telegram chatbots on a subscription basis.

The new Jitter-Trap tool from Varonis is designed to help organizations detect stealthy beacon traffic used by attackers to establish and maintain command and control (C2) communication within victim networks. Beacons are commonly employed by threat actors—including state-sponsored groups and cybercriminals—to avoid detection while executing post-exploitation activities such as data exfiltration, lateral movement, and persistent access.

The GodFather banking Trojan has introduced a highly sophisticated virtualization tactic, marking a significant evolution in mobile malware targeting financial and cryptocurrency applications. This technique enables attackers to hijack legitimate apps in real time, making account takeovers more seamless and harder to detect than ever before.

A Russian state-linked hacking group, identified as UNC6293 and believed to be associated with APT29, has developed a sophisticated phishing technique that bypasses Gmail’s multi-factor authentication (MFA) by exploiting Google’s app-specific password (ASP) feature. This campaign targeted high-profile individuals by impersonating US State Department officials and using highly convincing social engineering tactics.

A newly released study reveals how Russia leverages private companies and hacktivist groups to strengthen its cyber capabilities. The study was conducted by QuoIntelligence, as referenced in the QuoIntelligence Report. Additional analysis and context come from think tanks and cybersecurity researchers, including reports from the Atlantic Council and other academic sources.

Predatory Sparrow (Farsi: Gonjeshke Darande) is a highly skilled hacker group widely believed to have links to Israel. The group has escalated its cyber operations against Iran in June 2025, targeting major financial institutions and causing significant disruption and financial loss.

Seems like Iran was a bit late to lockdown worldwide Internet access amidst the Israel/Iran/USA? was. Nobitex, Iran’s largest cryptocurrency exchange, was hacked on June 18, 2025, resulting in the theft of over $90 million in cryptocurrency assets. The cyberattack targeted the exchange’s “hot wallet” infrastructure, which is connected to the internet for quick transactions. The stolen funds included Bitcoin, Dogecoin, and more than 100 different cryptocurrencies across multiple blockchains including TRON, Ethereum, and Bitcoin.

A recent malware campaign has infected over 1,500 Minecraft players by disguising Java-based malware as legitimate game mods on GitHub. This operation, identified by Check Point researchers, leverages a distribution-as-a-service (DaaS) platform called the Stargazers Ghost Network to spread its malicious payloads.