Cyber (In)Security and Surveillance (10 March 2026)

Finnish intelligence warns of persistent cyber espionage from Russia, China

(Alexander Martin – The Record) Finland’s intelligence service warned that Russia and China continue to conduct extensive cyberespionage and influence operations targeting the country’s technology sector, research institutions and government, according to a new national security assessment released Tuesday. The Finnish Security and Intelligence Service (SUPO), which is responsible for foreign intelligence as well as domestic counterintelligence, was last year reorganized to “enhance information gathering.” In a major assessment following that reorganization, SUPO warned that foreign intelligence activity targeting Finland was widespread, combining cyberintrusions, traditional espionage and political influence campaigns aimed at gathering sensitive information and shaping decision-making. “The principal threat to Finland arises from the sustained operations of Russian and Chinese intelligence services in various sectors of Finnish society,” the agency stated. – https://therecord.media/finnish-intel-warns-espionage-china-russia

Russian military hackers revive advanced malware to spy on Ukraine, researchers say

(Daryna Antoniuk – The Record) Russian state hacker group APT28 has revived a sophisticated cyber-espionage toolkit to spy on Ukrainian targets, including military personnel, according to a report published Tuesday by cybersecurity firm ESET. ESET said the group’s advanced development team has reemerged since April 2024 with a renewed arsenal built around two implants known as BeardShell and Covenant, often deployed together in espionage campaigns. – https://therecord.media/russia-apt-28-revives-malware-to-spy-on-ukraine

Ericsson US confirms breach after third-party provider attack

(Pierluigi Paganini – Security Affairs) Ericsson Inc., the U.S. branch of the Swedish telecom giant, disclosed a data breach after a service provider was hacked. The attack compromised the personal information of an unspecified number of employees and customers. “On April 28, 2025, our service provider became aware of a suspicious event that may have involved potential unauthorized access to certain data on their system. It promptly initiated an investigation with the assistance of external cybersecurity specialists.” reads the data breach notification letter shared with the California Attorney General. “It also notified the Federal Bureau of Investigation and implemented measures to enhance security and minimize the risk of a similar incident occurring in the future.” – https://securityaffairs.com/189197/data-breach/ericsson-us-confirms-breach-after-third-party-provider-attack.html

Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform

(Pierluigi Paganini – Security Affairs) The joint effort, led by Microsoft, Europol, and industry partners, aimed to target the infrastructure of Tycoon 2FA phishing-as-a-service platform responsible for tens of millions of fraudulent emails reaching over 500,000 organizations each month worldwide. By mid‑2025, the service accounted for approximately 62 percent of all phishing attempts Microsoft blocked, including more than 30 million emails in a single month. That placed Tycoon2FA among the largest phishing operations globally. Despite extensive defenses, the service is linked to an estimated 96,000 distinct phishing victims worldwide since 2023, including more than 55,000 Microsoft customers. – https://securityaffairs.com/189205/cyber-crime/law-enforcement-disrupted-tycoon-2fa-phishing-as-a-service-platform.html

Only 24% of Organizations Test Identity Recovery Every Six Months

(Alessandro Mascellino – Infosecurity Magazine) Just 24% of organizations test their identity disaster recovery plans every six months, according to new research which examined how businesses prepare for identity-focused cyber-attacks. The findings suggested that despite rising investment in identity threat detection and response (ITDR), many organizations remain poorly prepared to restore critical authentication systems after a breach. The data comes from Quest Software’s latest report, a global survey of 650 IT and security practitioners and executives. The study found that many companies place heavy emphasis on preventative controls and threat detection while neglecting response and recovery readiness. Identity infrastructure now sits at the centre of modern IT environments, connecting users, applications, automation tools and cloud services. When attackers compromise these systems, they can quickly gain widespread access across networks, data and administrative controls. Survey results suggested many organizations overestimate their security posture because alerts and preventative defences appear to be working. However, when identity protections fail, the speed and reliability of recovery often determine how severe the business impact becomes. – https://www.infosecurity-magazine.com/news/organizations-test-identity-sec-6/

Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials, Google Cloud Finds

(Danny Palmer – Infosecurity Magazine) Google Cloud has warned that threat actors targeting cloud environments now favor campaigns which gain initial access by exploiting software vulnerabilities over credential-based attacks. Published on 9 March, the Google Cloud Office of the CISO’s H1 2026 Google Cloud Threat Horizons Report details how the cloud threat landscape evolved based on how attackers attempted to target Google Cloud services during the second half of 2025. “Our team has observed a fundamental shift in the landscape,” said Crystal Lister, security advisor and head of cloud threat horizons report program for Office of the CISO, at Google Cloud. – https://www.infosecurity-magazine.com/news/cloud-attackers-prefer-exploits/

ShinyHunters Targets Hundreds of Websites in New Salesforce Campaign

(Phil Muncaster – Infosecurity Magazine) Salesforce has urged Experience Cloud customers to audit their website configurations after reports that a notorious threat group has already stolen data from hundreds of companies. The SaaS giant said that it had been tracking an increase in threat actor activity targeting misconfigurations of publicly accessible sites built using its Experience Cloud platform. “Specifically, we have identified a campaign in which malicious actors are exploiting customers’ overly permissive Experience Cloud guest user configurations to potentially access more data than targeted organizations intended,” it explained. – https://www.infosecurity-magazine.com/news/shinyhunters-hundreds-websites/
