Information security now!
This week, we discuss safer maintenance practices for WordPress, a content management system that is also widely used in Finland. We also provide information on information-stealing malware and the EU’s vulnerability database.
We have published instructions on more secure maintenance of WordPress content management systems
The NCSC-FI has published instructions (in Finnish) on the secure maintenance of WordPress content management systems. The instructions highlight the importance of online store security and provide tips for secure maintenance practices. They are intended both for individuals who manage their own websites and for more technically oriented administrators.
We have also published a topical Information Security Now! article (in Finnish) on the security of websites and online stores. The article follows recent findings by the NCSC-FI regarding digital skimming – the theft of personal and payment data from compromised online store websites. It also includes a real-world example of how skimming malware operates.
If you notice unfamiliar users, code, or other content on your website, it may indicate a data breach. In such cases, report the incident to your service provider and to the NCSC-FI. If the issue involves digital skimming in particular, it should also be reported to the police.
Information-stealing malware distributed again under the guise of copyright infringement
The NCSC-FI has received several reports about email messages warning of copyright infringement, which have been used to distribute information-stealing malware. The emails have exploited the names of several Finnish media organisations. We previously reported on a similar method of malware distribution in our weekly reviews 51/2024 and 14/2025.
The aim of the emails is to get the recipient to open a link containing malware designed to steal information. The malware is hidden inside a ZIP archive file with a Finnish name. The file is large in size and includes all components required to activate the malware. A large file size can hinder the ability of security products to detect malicious content.
Many types of malware require user interaction to become active. To this end, malware distributors exploit the target country’s language, urgency, and pressure to prompt the recipient to react to the message. The information-stealing malware attempts to steal passwords and data stored in the browser. The stolen data may be sold on or used in further data breach attempts.
ENISA has published the European Vulnerability Database (EUVD)
On 13 May, ENISA published the European Vulnerability Database (EUVD). The vulnerability database collects vulnerability information from manufacturers, CSIRT units and other vulnerability databases.
The aim of the EUVD is to serve as a centralised database that consolidates vulnerabilities from various sources. Each vulnerability is assigned a unique EUVD identifier, but the database also includes an Alternative ID, which may be a CVE identifier or a vendor-specific reference. This allows vulnerability data from different sources to be gathered in one place.
Recently reported scams
In this summary, we provide information about scams reported to the NCSC-FI during the past week.
WHAT TO DO IF YOU GET SCAMMED
- Immediately contact your bank if you have made a payment based on a scam or a criminal has gained access to your online banking service or payment card information.
- File a police report. You can file a police report online.
- You can also report the incident to the NCSC-FI.
- Instructions for victims of data leaks
Recognise online scams and protect yourself from them
Vulnerabilities
CVE: CVE-2025-4427, CVE-2025-4428
CVSS: 7.2
What: Critical vulnerability exploited in Ivanti product Ivanti EPMM
Repair: Update to newest version
CVE: CVE-2025-32756
CVSS: 9.6
What: Critical vulnerability patches for Fortinet products
Product: FortiFone, FortiVoice, FortiNDR, and FortiMail
Repair: Update to newest version
ABOUT THE WEEKLY REVIEW
This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 9 May–15 May 2025). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cybersecurity specialists to regular citizens.