Download the report (PDF, 41.8MB)

Another year of CERT Polska’s activities is behind us. It was a special one, as it marked the end of the third decade of our operations – we are celebrating our 30th anniversary! The year 2025 was a time full of challenges, growth, and a comprehensive approach to shaping cybersecurity – from proactive threat detection, through handling reports and responding to incidents, to sharing knowledge and building public awareness.

Here, you will find stories about widespread fraud campaigns, insights from monitoring APT groups, and first-hand information on breakthroughs in threat detection. We will talk about security testing, vulnerability disclosure, malware, and ransomware attacks.

As always, we will also cover national and international cooperation, exercises and competitions, projects involving teams from around the world, Poland’s presidency of the Council of the European Union, and new initiatives connecting cybersecurity professionals from various institutions and sectors of the economy.

There will also be plenty of topics for fans of solid technical solutions. In the report, we will discuss services and software that we co-create or develop ourselves – AIPITCH, DNS4EU, FETTA, PERUN, Artemis, the Warning List, MWDB, n6, and our flagship initiative – moje.cert.pl.

The above list shows just how complex and diverse the tasks our team faces daily are. However, at the core of all these activities lies the need to strengthen and improve the system that makes Poland’s cyberspace safer. The second pillar is knowledge – awareness of threats and understanding how to prevent them are the most effective weapons in the fight against cybercriminals.

CERT Polska is made up of people, and we want our report to feel human too. Substantive, rich in reliable knowledge, data, and charts, yet at the same time engaging and compelling. Today, you will read about many important and challenging topics, but they are also matters we can simply be proud of – both as CERT and as Poles.

Enjoy your reading!

Click on the article that interests you in the table of contents below to view it in the browser, or download the report file.

• Introduction5
• About CERT Polska6
• Calendar8
• 30 Years of CERT Polska – perspectives from the team leaders 17
• Incidents and threats28
  • Overview of new campaigns29
  • Mobile malware39
  • Ransomware42
  • Observed activities of APT groups47
  • Key vulnerabilities 55
  • Data leaks67
• Activities of CERT Polska72
  • The Warning List73
  • SMS fraud73
  • Coordinated vulnerability disclosure76
  • #BezpiecznyPrzemysł (#SafeIndustry)80
  • Web application audits83
  • Security analysis of public sector mobile applications85
  • Locked Shields 202590
  • Research on CMS software for Public Information Bulletins91
  • Co-creation of sectoral CSIRT teams92
  • ECSC 202593
  • Polish Presidency of the Council of the European Union96
  • SECURE International Summit98
  • Cybersecurity education and promotion build awareness among Poles99
• Projects103
  • Moje.cert.pl104
  • Artemis105
  • Snitch107
  • AIPITCH108
  • PERUN108
  • FETTA109
  • DNS4EU111
• Statistics114
  • Incidents and incident reports 115
  • MWDB119
  • Moje.cert.pl120
  • Artemis120
  • Secure mail123
  • n6123