US-Estonian Suspect Arrested Over Alleged Scattered Spider Cyberattacks

US-Estonian suspect Peter Stokes arrested in Finland over alleged ties to Scattered Spider, facing US charges for cyberattacks, fraud, and data breaches...

Finnish Authorities Detain Crew After Undersea Internet Cable Severed

After a sudden internet cable break between Finland and Estonia, authorities have seized the cargo ship Fitburg. With two crew members arrested and sanctioned steel found on board, investigators are now probing if this was an accident or a deliberate act of hybrid warfare...

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide

Europol on Friday announced the disruption of a sophisticated cybercrime-as-a-service CaaS platform that operated a SIM farm and enabled its customers to carry out a broad spectrum of crimes ranging from phishing to investment fraud. The coordinated law enforcement effort, dubbed Operation...

CVE-2025-20149

creationtimestamp| type| source ---|---|--- 2025-09-25 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1645 2025-09-25 11:38:17+00:00| exploited| https://t.me/truesecator/7459 2025-09-26 08:27:34+00:00| seen|...

Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack

The Police of Finland aka Poliisi has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country's Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the...

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

GHSA-9W99-78RJ-HMXQ Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

Possibility to circumvent the invitation token expiry period

Impact The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the deviseinvitable gem always accepts the pending invitation if the user has been invited as shown in this piece...

Possibility to circumvent the invitation token expiry period

Impact The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the deviseinvitable gem always accepts the pending invitation if the user has been invited as shown in this piece...

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

Possibility to circumvent the invitation token expiry period

Impact The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the deviseinvitable gem always accepts the pending invitation if the user has been invited as shown in this piece...

Possibility to circumvent the invitation token expiry period

Impact The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the deviseinvitable gem always accepts the pending invitation if the user has been invited as shown in this piece...

CVE-2023-47537

creationtimestamp| type| source ---|---|--- 2024-02-09 10:14:28+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus8/2024 2024-02-09 11:20:05+00:00| seen| https://t.me/truesecator/5396 2024-02-15 15:31:37+00:00| seen| https://t.me/ctinow/185611 2024-03-02 16:11:50+00:00| seen|...

Alleged Extortioner of Psychotherapy Patients Faces Trial

Prosecutors in Finland this week commenced their criminal trial against Julius Kivimäki, a 26-year-old Finnish man charged with extorting a once popular and now-bankrupt online psychotherapy practice and thousands of its patients. In a 2,200-page report, Finnish authorities laid out how they...

Nokia G-040W-Q Security Vulnerability

The Nokia G-040W-Q is a modem from Nokia of Finland. A security vulnerability exists in Nokia G-040W-Q that originates from allowing the use of weak passwords...

Nokia Web Element Manager 安全漏洞

Nokia Web Element Manager is a network management tool from Nokia of Finland for managing and monitoring Nokia network devices and solutions. A security vulnerability exists in Nokia Web Element Manager versions prior to 22 R1, which originates from an internal failure in the mobile web solution...

finlandserverhosting.com Cross Site Scripting vulnerability OBB-3365358

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Massive HTTP DDoS Attack Hits Record High of 71 Million Requests/Second

Web infrastructure company Cloudflare on Monday disclosed that it thwarted a record-breaking distributed denial-of-service DDoS attack that peaked at over 71 million requests per second RPS. "The majority of attacks peaked in the ballpark of 50-70 million requests per second RPS with the largest...

Update 18.18 for Microsoft Dynamics 365 Business Central 2021 Release Wave 1 (Application Build 18.18.49460, Platform Build 18.0.49352)

Update 18.18 for Microsoft Dynamics 365 Business Central 2021 Release Wave 1 Application Build 18.18.49460, Platform Build 18.0.49352 Overview This update replaces previously released updates. You should always install the latest update. This update also fixes a remote code execution vulnerabilit...

DDoS attacks in Q2 2022

News overview Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in the previous reporting period. ALtahrea Team, a group targeting NATO and its partners, attacked public transportation websites in Israel and the United Kingdom. Israel s...