The CERT Polska, FBI, NCSC UK, Cybersecurity and Infrastructure Security Agency, @NSAgov and other partners published a joint advisory warning that Russia-based cyber actor—also known as APT 29 /the Dukes/ CozyBear/ NOBELIUM/Midnight Blizzard—are exploiting CVE-2023-42793 at a large scale, targeting servers hosting

❓Have you heard about our Artemis project? We have been successfully using it for over a year to scan and detect web vulnerabilities on a large scale! Take a look at our examples and lessons learned ➡️cert.pl/en/posts/2024/…

As a Polish CERT we believe secure e-mail is essential for all institutions. That’s why we’re proud to introduce you to Mailgoose 🪿 The web app that allows to check SPF/DKIM/DMARC helping CERTs worldwide safeguard email servers effortlessly ⤵️ github.com/CERT-Polska/ma…

🏖 Are U looking for some summer work? Our open-source cybersecurity projects, Artemis, the web vulnerability scanner and Drakvuf, a hypervisor malware sandbox got accepted to the Google Summer of Code! Apply and make the Internet a better place with us at honeynet.org/gsoc/gsoc-2024…

‼️This week we observed a large-scale malware campaign targeting Polish government institutions. Based on technical indicators and similarity to attacks described in the past, the campaign can be associated with the APT28 activity set. More➡️ cert.pl/en/posts/2024/…

It was a real pleasure to participate! 💪

🛡️Protect organizations in your constituency from e-mail spoofing with our tool – mailgoose📧🪿 Enable them to check SPF, DMARC, and DKIM config with just a few clicks. Read more about it at cert.pl/en/posts/2024/… and setup your own instance of mailgoose: github.com/CERT-Polska/ma…

The #Artemis tool, developed by CERT Polska was presented at the #BlackHat2024 #GHUSA conference in Las Vegas. Black Hat Artemis is a modular vulnerability scanner powering CERT Polska large-scale scanning activities. It checks various aspects of website security

Joker is a malicious code hidden in various mobile apps from Play Store. It looks innocent but it can clean out the user’s bank account without them realizing anything. 💰 The details of how it works can be found in our analysis – cert.pl/en/posts/2024/…

Last week we had the opportunity to talk about our experiences with representatives of🇦🇱Albania,🇽🇰Kosovo and🇲🇰North Macedonia. We discussed handling of incidents, malware analysis & combating abuse in ICT. We thank DCAF and GIZ for organizing and the Albanian AKSK for hosting us!

Do you really enjoy reverse engineering but keep stumbling into heavily obfuscated binary files? We've got you covered! In our latest blog article we look at examples of obfuscation used in #LummaStealer and explain how we can work our way around it! 🧐 cert.pl/en/posts/2025/…

⚠️A spearphishing campaign exploiting the CVE-2024-42009 vulnerability in Roundcube. ‼️The vulnerability enables attackers to execute malicious JavaScript code when an e-mail message is opened. 📌High probability attribution to UNC1151 group. ➡️ More: cert.pl/en/posts/2025/…

🇵🇱🇪🇺 The main cyber goal of Polish presidency of the Council of the European Union achieved! 🟦 Cyber Blueprint, a project for which CERT Polska provided substantial insight, has been accepted as an emergency plan for a cyber crisis. 🔗 Read more: consilium.europa.eu/en/press/press…

Today we released a new stable version of DRAKVUF Sandbox v0.19.0 🎉– a project that leverages the DRAKVUF system for agentless malware analysis. Detailed release notes can be found on our Github: github.com/CERT-Polska/dr…

We've recently spotted a phishing campaign distributing a malware app used for NFC relay scams. Our analysts prepared a case study, both for general users and those more technical, check it out: cert.pl/en/posts/2025/…

🔍 Have you tried monitoring certificate transparency logs lately and found existing tools or libraries disappointing? ✅ Fear not! We're releasing a better one, with tiled format support, async operations, state persistence and an easy-to-use API. 🔗 github.com/CERT-Polska/ct…