Skip to main content
National Cyber Security Center
Report incidents
Report incidents
Report incidents

National Cyber Security Centre Finland

News

  • Cybersecurity in the first half of 2026: countering cyber threats requires stronger preparedness and resourcing

    The cybersecurity situation in Finland has remained stable in the first half of 2026. Although no major sudden changes took place in the threat landscape, cyber threats have evolved alongside technology and the operating methods used by attackers. The use of artificial intelligence in attacks, the increase in Microsoft 365 account compromises and supply chain risks have become key concerns in particular.

  • Cyber Weather 2026

    , updated at 12:45

    The volume and severity of cyber threats remained at a typical level in March. As a result, the cyber weather continues to be rainy. The March cyber weather report provides a more extensive overview of cybersecurity phenomena and threats than usual.

  • Cyber Weather April 2026

    Microsoft 365 account breaches and vulnerabilities discovered in network edge devices were highlighted in the month’s cyber weather. Fewer incidents were reported to the NCSC-FI in terms of volume, but their severity remained at a typical level.

View all news

Vulnerabilities

  • Microsoft 365 accounts compromised – beware of phishing

    , updated at 13:50

    In August, the NCSC-FI received 70 reports related to Microsoft 365 account breaches. After the summer holiday season ended, the number of cases has risen significantly, and at present, organisational email accounts are being compromised at an accelerating pace. Numerous organisations have been exposed to breaches and subsequent phishing emails, and within a single organisation there may be several – even dozens – of compromised accounts. Criminals use stolen credentials to log in to Microsoft 365 services, and the hijacked accounts are then exploited to send new phishing messages and to carry out invoicing fraud.

  • Data breaches to Palo Alto GlobalProtect products – requires immediate action

    , updated at 14:29

    A vulnerability (CVE-2024-3400) in a Palo Alto GlobalProtect product that is widely used in organisations is being actively exploited. The vulnerability has significant effects and requires updating and investigating the devices. Devices susceptible to the vulnerability should be suspected of being breached.

  • A wave of data breaches is spreading between organisations – cut off the phishing

    , updated at 11:28

    Email accounts of Finnish organisations are being hijacked through a widely-spread phishing campaign. Criminals have been phishing the usernames and passwords of employees via email and scam pages, using the credentials to log in to Microsoft 365 email systems. The hijacked accounts are used to send new phishing messages both within the organisation and to other organisations.

View all vulnerabilities

Everyday information security

Not everything online is what it seems. Learn to recognize common scams and protect your personal information.

Information and guidance Ulkoinen verkkopalvelu.