Cybercriminal Rey, and member of the HellCat group, has revealed details of a hack into Orange's systems after a failed ransomware extortion attempt. He claims to have gained access to employee and customer data, including 380,000 email addresses, source code, invoices and contracts. Orange confirmed the attack, noting that it involved a less significant application. An investigation is underway to determine how the breach occurred and how to minimize the damage.

Rey had access to the system for more than a month and stole 12,000 files (6.5 GB of data), using stolen login credentials and vulnerabilities in Jira and Orange's internal portals. Some of the stolen information turned out to be obsolete. He acted, he claims, alone, but is a member of the HellCat group

Fraudsters send fake emails with the title "overdue invoice", posing as the accounting firm Booking. In the message, they inform about a supposed bill for PLN 2,249.99, trying to arouse fear and persuade recipients to react. Many people, wanting to verify the debt, may fall victim to fraud.

The biggest threat is the attached file, which looks like a standard document, but when opened, it starts downloading malware. After clicking on the script file from the ZIP archive, the device is infected, which gives criminals the opportunity to install more viruses and take control of the computer.

CERT warns against this threat, informing that the campaign is aimed at distributing malware. Experts advise not to open suspicious attachments and

Posts containing links to the login credentials of 24.5 million Polish accounts have appeared on a well-known hacking forum. The source of the email addresses and passwords is unknown, but experts suspect they are previously stolen information, re-shared by cybercriminals. The first to report the leak was Adam Lange on LinkedIn.


The hacker published seven posts, each containing a link to a file of 3.5 million lines of data. The files are stored at a Russian cloud service provider, which works similarly to Google Drive or Dropbox.

Source: cyberdefence24.pl

Vorwerk has reported a data leak of users using the Przepisownia service. Between January 30 and February 3, 2025, hackers gained access to, among others,

names,
surnames,
addresses,
dates of birth,
phone numbers,
email addresses,
culinary preferences,
information about Thermomix models.

User passwords were not compromised, and the incident was contained. The leak occurred from an external service provider's server, which should not be underestimated.

Source:instalki.pl

As a result of a hacker attack on the online system of the Super-Pharm chain of drugstores and pharmacies, customer data was leaked. The incident occurred on October 21, when cybercriminals exploited a vulnerability in the e-commerce software - Magento operated by an external supplier, Adobe Commerce. Super-Pharm informed customers about the leak by sending an email on October 25 with an apology and assurance of the steps taken to secure the system.

The leak concerns data such as first name, last name, e-mail address, delivery address, telephone number and details of customer orders. The company noted that so far there is no evidence that unauthorized persons downloaded this data, and the incident does not include login information to the mobile application and

Facebook and Instagram plan to roll out new features to improve security and privacy, including identity verification via video in which users are asked to record their face from different angles. This solution is intended to reduce the risk of scams and frauds, such as impersonating famous people or using false data. Facebook, after the recent controversy related to storing passwords unencrypted, assures that the new data protection mechanisms will be fully safe - recordings are to be encrypted and deleted after the verification process.

The new facial recognition technology will be used to block the content of fake ads, which often use images of celebrities to increase credibility. In the future, when appropriate mechanisms detect an advertisement containing t

Ch

Hackers attacked the Polish clothing company OCHNIK, gaining access to customer data such as names, surnames, delivery addresses, emails and phone numbers. The hack occurred on September 18, when cybercriminals hacked into the company's technical account using a software vulnerability. OCHNIK responded quickly, implementing preventive measures and securing the system. The company claims that no passwords or transaction history were stolen, and the risk of data misuse is low. Nevertheless, caution is advised against phishing, spam and suspicious messages.

Internet fraudsters are exploiting the floods that hit southwestern Poland to conduct fraud, including creating fake phishing sites and fake charity collections. The fake sites are often styled as authentic news sites, and their goal is to trick users into revealing their personal and financial information, such as credit card numbers or email addresses. Facebook posts are also being published, reporting on children allegedly missing during the floods. This false information often appears in the form of paid advertisements or articles that seem credible, but are in fact an attempt to scam people.

The Central Bureau for Combating Cybercrime has previously warned against such activities, including fake collections and fake RCB alerts that are designed to mislead p

Fortinet, a cybersecurity company, fell victim to a hacker attack. The company officially admitted responsibility for the incident. Hackers gained access to a Microsoft Sharepoint server, stealing approximately 440 GB of data, including online digital file storage credentials. The attack likely affected customers in the Asia-Pacific region. The hackers demanded a ransom, but Fortinet has not yet met their demands and is offering support to the victims.

Source: komputerswiat.pl

The data of 3.2 million WhatsApp users in Belgium has been put up for sale on the Dark Web, posing a serious risk to the privacy and security of users. The leak of this information, including phone numbers and user IDs, could lead to an increase in phishing attacks and the takeover of WhatsApp accounts. It is not yet known whether the leak also affects users from other countries.

Belgian platform Safeonweb, managed by the Cybersecurity Center, warned of the consequences of the incident, emphasizing that detecting the sellers will be difficult due to the cryptocurrency payment. The data could be used not only for fraud and intrusive marketing, but also to impersonate genuine users.

Meta, the owner of WhatsApp, has not yet issued an official sta

A group of hackers called RansomHub carried out an attack on the District Labor Office in Police, gaining access to computers belonging to employees of this institution. The attack was first revealed on August 14 on the blog of the hacker group, which announced its intention to make the stolen data public. RansomHub kept its promise by publishing this information on August 22 at 2:00 p.m., as announced.

The hackers gained access to the office's internal network infrastructure and individual computers, as suggested by the directory structure of the files they published. Analysis of the stolen data showed that cybercriminals did not manage to take over the full database of the office's petitioners, which could result in a mass leak of information, but this is not

The Helldown cybercrime group attacked seven organizations, including two Polish companies: Briju 1920 Limited and Vindix S.A. Stolen data has been published, including:

information about employees,
login details,
PESEL numbers,
residential addresses,
telephone numbers
date of birth.

Helldown claims to have obtained 103GB of data from Briju and 23GB from Vindix. Victims of data leaks should immediately withhold their PESEL numbers.

Source: cyberdefence24.pl
&l

Cybercriminals took advantage of vulnerabilities in the MOVEit software, stealing the data of up to 100 million people. This attack was one of the most serious security problems in 2023 and made it possible to extort a ransom of up to $100 million. In 2024, the number of vulnerabilities in edge services increased by 22%. compared to 2023

Software vulnerabilities published in the KEV catalog by CISA were responsible for 14 percent. security breaches last year, an increase of 180%. Every year. The average time from detecting a vulnerability to patching it is 175 days. Devices at the edge of the network, constantly connected to the Internet, are difficult to monitor and often do not have EDR installed.

In 2023, cybercriminals attacked 12 Norwegia

Agata S.A. issued a statement regarding the recent hacker attack that disrupted the operation of their IT system. Currently, the system works properly and shopping is possible both in stationary stores and online at agatameble.pl. Verification is in progress whether customer data (name, surname, address, telephone number, e-mail) has been leaked. The company urges customers to be cautious of suspicious calls and emails that may be phishing attempts. Customers should verify message senders, avoid opening suspicious attachments and not provide personal information to unknown people.

Source: