The Breach News

Finland’s Foreign Ministry Networks Compromised in Sophisticated Malware Attack

November 1, 2013

Finnish broadcaster MTV3 reports that the Ministry of Foreign Affairs of Finland has been the target of a cyber-espionage operation lasting some four years. The country’s foreign minister confirmed a significant intrusion into the ministry’s data network. The attack used advanced malware, reportedly more sophisticated than the Red October toolkit, and was aimed at intercepting communications between Finland and the European Union. The breach was discovered earlier this year only after a foreign party notified CERT-FI, not through Finnish investigative efforts; the four-year dwell time and the third-party discovery are the points defenders should note. Authorities have kept the details confidential while forensic analysis continues, saying only that low-level classified information may have been compromised. The Red October cyber-espionage operation, which hit diplomatic and government organisations across many countries, was covered in January 2013.

[Webinar] The Rapid Rise of Shadow AI Agents: Strategies for Detection and Control

Join us on September 9, 2025
Artificial Intelligence / Threat Detection

⚠️ Just a single click can trigger a chain reaction. An engineer launches an “experimental” AI agent for a workflow test. A business team connects to streamline reporting. A cloud provider quietly activates a new agent behind the scenes. Individually, these actions may seem innocuous, but collectively they create an unseen network of Shadow AI Agents—operating beyond the reach of security measures and linked to unknown identities.

The harsh reality is that each of these agents poses significant risks:

  • Impersonation of legitimate users
  • Unauthorized non-human identities with access rights
  • Data breaches across supposedly secure boundaries

This is not a distant concern; it’s an urgent issue affecting enterprises globally, and such agents are proliferating faster than governance can keep up. Don’t miss our upcoming discussion: Shadow AI Agents Uncovered. Secure your spot today—[Register Here].

Explore Why Shadow AI is Growing Rapidly
From identity providers to PaaS platforms, it’s alarmingly easy to create…

Urgent: Update Google Chrome Now to Fix 2 New Actively Exploited Zero-Day Vulnerabilities

On October 1, 2021, Google released security updates for Chrome addressing two vulnerabilities that are being exploited in the wild, bringing the number of zero-days patched in the browser over the past month to five. The flaws are CVE-2021-37975, a use-after-free in the V8 JavaScript and WebAssembly engine, and CVE-2021-37976, an information leak in core. As is its practice, Google is withholding details of the attacks until most users have updated, confirming only that “exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.” CVE-2021-37975 was reported by an anonymous researcher; CVE-2021-37976 by Clément Lecigne of Google’s Threat Analysis Group. Users should update to Chrome 94.0.4606.71 (opening chrome://settings/help forces the update check) and then relaunch the browser, since a downloaded update is not active until restart.

Surge in Global Website Defacement Attacks by Hackers

Nov 05, 2013

Last week saw a notable increase in website defacements targeting governments and organisations worldwide. Affected countries include Singapore, Mexico, the Philippines, Australia, Egypt, the United States and Syria, among others. The most prominent incidents hit the Philippines and Australia, where the activist collective Anonymous claimed responsibility.

On Sunday, Indonesian Anonymous hackers defaced hundreds of Australian government websites, describing the action as retaliation for allegations that Australia had spied on Indonesia. The defaced pages carried the message “Stop Spying on Indonesia.” A list of the targeted sites was posted to Pastebin.

Separately, Anonymous defaced more than 38 Philippine government websites, using them to call for public support for the anti-corruption “Million Mask March” at the Batasang Pambansa in November.

SAP Releases Critical Patches for NetWeaver (CVSS Scores Up to 10.0) and High-Risk S/4HANA Vulnerabilities

Date: September 10, 2025
Category: Software Security / Vulnerability

On Tuesday, SAP issued security updates for numerous vulnerabilities, including three critical flaws in SAP NetWeaver that could lead to remote code execution and unauthorized file uploads. The critical issues are:

  • CVE-2025-42944 (CVSS Score: 10.0) – A deserialization vulnerability in SAP NetWeaver’s RMI-P4 module that lets an unauthenticated attacker submit a malicious payload and execute operating system commands.
  • CVE-2025-42922 (CVSS Score: 9.9) – An insecure file operations vulnerability in SAP NetWeaver AS Java that lets an authenticated non-administrative user upload arbitrary files.
  • CVE-2025-42958 (CVSS Score: 9.1) – A missing authentication check in SAP NetWeaver on IBM i-Series that could let unauthorized high-privileged users read, modify or delete sensitive information and reach administrative functions.

Because CVE-2025-42944 needs no authentication, the P4 port (5NN04 by default, where NN is the instance number) should not be reachable from untrusted networks; check exposure of that port while the patch is rolled out.

Code Execution Vulnerability Discovered in Yamale Python Package, Impacting Over 200 Projects

On October 7, 2021, a code injection vulnerability was disclosed in Yamale, a schema and validator for YAML files maintained by 23andMe, that an attacker could exploit to execute arbitrary Python code. Tracked as CVE-2021-38305 (CVSS 7.8), the flaw affects versions before 2.4 and stems from how schema file input is handled: schema expressions were passed to Python’s eval() without adequate restriction.

The schema parsing function evaluates the schema’s constraint expressions as Python, so a crafted string in a schema file runs system commands with the privileges of the validating process. Yamale is widely used to validate YAML, a data serialisation language common in configuration files, and at least 224 GitHub repositories depend on the package. The risk applies to any project that accepts schema files from outside: anyone who can supply or modify a schema can inject Python code, so schemas should be handled as code rather than data, and the package upgraded to 2.4 or later.
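
The pattern behind this class of bug, as an added example that is not Yamale’s code or its fix: a toy schema compiler that hands constraint expressions such as str(min=1) to eval(), beside a hardened version that parses the expression with the ast module and accepts only a single call to a whitelisted validator with literal arguments. The validator set, the schema and the documents are constructed for the example.

```python
import ast

# Constructed validator constructors standing in for a schema library's
# validators (an assumption for this example; not Yamale's own validators).
def _str(min=None, max=None):
    """Return a checker for strings with optional length bounds."""
    return lambda v: (isinstance(v, str)
                      and (min is None or len(v) >= min)
                      and (max is None or len(v) <= max))

def _int(min=None, max=None):
    """Return a checker for integers (bool excluded) with optional bounds."""
    return lambda v: (isinstance(v, int) and not isinstance(v, bool)
                      and (min is None or v >= min)
                      and (max is None or v <= max))

VALIDATORS = {"str": _str, "int": _int}

def compile_unsafe(expr):
    """Vulnerable pattern: the schema text is handed to eval().

    Only the validator names are placed in scope, but eval() still inserts
    __builtins__, so an expression like "__import__('os').getpid()" runs
    arbitrary Python instead of building a validator.
    """
    return eval(expr, dict(VALIDATORS))

def compile_safe(expr):
    """Hardened pattern: parse the expression and accept only one call to a
    whitelisted validator whose arguments are plain literals."""
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"invalid schema expression {expr!r}") from exc
    call = tree.body
    if not isinstance(call, ast.Call) or not isinstance(call.func, ast.Name):
        raise ValueError(f"schema expression must be a validator call: {expr!r}")
    if call.func.id not in VALIDATORS:
        raise ValueError(f"unknown validator {call.func.id!r}")
    # literal_eval refuses anything that is not a constant literal, so nested
    # calls, attribute access and names inside the arguments are rejected.
    args = [ast.literal_eval(a) for a in call.args]
    kwargs = {}
    for kw in call.keywords:
        if kw.arg is None:
            raise ValueError("**kwargs are not allowed in schema expressions")
        kwargs[kw.arg] = ast.literal_eval(kw.value)
    return VALIDATORS[call.func.id](*args, **kwargs)

def is_rejected(expr):
    """True if the hardened compiler refuses `expr`."""
    try:
        compile_safe(expr)
    except ValueError:
        return True
    return False

def validate(schema, document, compiler):
    """Return the keys of `document` that fail their schema rule."""
    failures = []
    for key, expr in schema.items():
        rule = compiler(expr)
        if key not in document or not rule(document[key]):
            failures.append(key)
    return failures

# Constructed sample schema and documents (not taken from the original page).
SCHEMA = {"name": "str(min=1)", "age": "int(min=0, max=150)"}
GOOD_DOC = {"name": "alice", "age": 30}
BAD_DOC = {"name": "", "age": 200}
# A schema line that is valid Python but is not a validator call.
MALICIOUS_SCHEMA = "__import__('os').getpid()"

if __name__ == "__main__":
    print("safe, good document:", validate(SCHEMA, GOOD_DOC, compile_safe))
    print("safe, bad document: ", validate(SCHEMA, BAD_DOC, compile_safe))
    print("unsafe ran attacker code, pid =", compile_unsafe(MALICIOUS_SCHEMA))
    print("safe compiler refused it:", is_rejected(MALICIOUS_SCHEMA))
```

Both compilers accept the benign schema and produce the same validation result; only the eval() version executes the malicious line. Restricting eval() with an empty `__builtins__` is not an adequate fix, since attribute chains such as `().__class__.__base__.__subclasses__()` still reach dangerous objects; parsing and whitelisting, as above, is the defensible approach.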

China Asserts Commitment to International Collaboration in Addressing Cybersecurity Challenges

On November 6, 2013, at Stanford University, cybersecurity experts and leaders from over 40 nations convened to discuss the pressing issues of cyberspace security and international collaboration. The increasingly borderless nature of the internet highlights the urgent need for cooperative efforts in cybersecurity. Cai Mingzhao, Minister of the State Council Information Office of China, expressed the country’s eagerness to work alongside other nations to confront cybersecurity threats. Notably, this statement comes amid allegations of China’s involvement in significant cyberattacks. “To ensure cybersecurity, we must enhance international cooperation,” he stated, adding that China is prepared to expand partnerships with other countries and relevant international organizations on the principles of equality and mutual benefit. He further noted that China itself has been a victim of cybersecurity breaches, with over 80% of incidents affecting Chinese interests.

Beware of Salty2FA: New Phishing Kit Targeting Enterprises in the US and EU

September 10, 2025
Malware Analysis / Enterprise Security

Phishing-as-a-Service (PhaaS) platforms are continuously evolving, providing cybercriminals with quicker and cheaper methods to infiltrate corporate accounts. Researchers at ANY.RUN have identified a new threat: Salty2FA, a sophisticated phishing kit capable of bypassing various two-factor authentication methods and evading traditional defenses. Currently active in campaigns across the US and EU, Salty2FA threatens numerous industries, including finance and energy. Its complex execution chain, evasive infrastructure, and ability to intercept credentials and 2FA codes make it one of the most formidable PhaaS frameworks observed this year.

Why Salty2FA Poses a Significant Risk for Enterprises
With the ability to bypass push-notification, SMS and voice-based 2FA, Salty2FA allows stolen credentials to lead straight to account takeover. Targeting sectors such as finance, energy and telecommunications, the kit turns an ordinary phishing email into a serious breach. Because it works by capturing the credentials and one-time codes a victim types into a look-alike page, it does not defeat FIDO2/WebAuthn authenticators, whose assertions are bound to the legitimate origin; phishing-resistant MFA remains the effective countermeasure.

Identifying the Targets
ANY.RUN analysts have mapped Salty2FA campaigns and highlighted…
