In cybersecurity, it is easy to focus on single incidents, high-profile campaigns or new attack techniques. However, it is sometimes worth stepping back and looking at the numbers. Data shows best which threats are not temporary trends, but a permanent part of the risk landscape. The CERT Polska / CSIRT NASK report for December 2025 offers exactly that kind of perspective.
In one month alone, the report recorded 51.8 thousand reports and 24.7 thousand incidents. The yearly figures were even stronger. In 2025, there were 658.3 thousand reports and 260.8 thousand incidents. This was a clear year-on-year increase. These numbers show one thing very clearly. The scale of threats is not shrinking. Moreover, many of those threats are still highly predictable. For organizations, this is an important signal. It means they do not always need to fight a completely new type of attack. Very often, they need to handle well the threats that have been working against users and companies for a long time.
The strongest message from the report is simple. Phishing and online fraud still dominate. In December 2025 alone, 7.3 thousand phishing incidents were recorded. This shows that fake websites, spoofed messages and credential theft attempts are not a side issue. They are a permanent part of today’s cyber threat landscape.
For organizations, this means they need to build good user habits and strengthen the protection of email, browsers and account access. Technical knowledge alone is not enough if an employee still trusts every link or attachment. That is why phishing should not be treated as an occasional topic. It should be treated as an area of continuous education, control and monitoring.
The second key takeaway is the huge number of dangerous web addresses. In 2025, 244.3 thousand domains were added to the national warning list. In December alone, the number reached 23.5 thousand. This scale cannot be ignored. In practice, it means that a user may land on a malicious site not through a sophisticated attack, but through a simple click.
That is why access control mechanisms are so important. This includes traffic filtering, DNS and URL policies, and fast reporting of suspicious domains. The earlier an organization can block access to a dangerous site, the lower the risk of data loss, credential theft or further incident development. This is one of those areas where simple protection decisions can have a major impact on real security.
The report also shows that smishing and the SMS channel remain a real threat vector. In 2025, 295.2 thousand reports of suspicious text messages were registered. Based on identified patterns, a total of 1.9 million SMS messages were blocked. These figures clearly show the scale of the problem.
For companies, this means they need clear response rules. Users should know what to do with a suspicious link sent by text message. They should also know where to report it and how quickly to react. In practice, one simple process helps a lot. There should be one reporting channel and one clear rule: links sent by SMS should never be treated as trustworthy by default. In a working environment, especially one with many mobile devices, this is an important part of building operational resilience.
The most important conclusion from these figures is not that “things are getting worse.” A more useful conclusion is that we already know where the main sources of risk are. They are phishing. They are malicious domains. They are suspicious text messages. These areas can be monitored, reduced and managed through good procedures, access protection and user awareness.
That is why reports like this should be read calmly and practically. Their purpose is not to create fear. Their purpose is to improve data protection, organize internal processes and build good security habits. If you want to explore more analyses and practical threat scenarios, visit the Knowledge section on the ADQ website. It is a good place to turn numbers into real security decisions.
