The French telecommunications company Orange, one of the largest telecom operators in the world, reports the discovery of a compromised system within its network.
On July 25, 2025, the compromised system was detected and isolated from the rest of the company’s network by specialists from the Orange Cyberdefense division, which focuses on cybersecurity issues.
It is reported that this caused disruptions primarily affecting French Orange customers. The issues are expected to be resolved today, July 30.
“On Friday, July 25, Orange Group detected a cyberattack on one of its information systems. Upon receiving the alert, with the support of Orange Cyberdefense, our teams were fully mobilized to isolate potentially affected services and minimize the consequences,” the company said in an official statement. “However, these actions to isolate the systems resulted in disruptions to some services and management platforms for our business clients, as well as affecting a number of consumer services, mainly in France.”
The company has already informed the relevant authorities about the cyberattack. It is also emphasized that, at present, the investigative team has not found any evidence that any data may have been stolen during the breach.
Orange does not associate this incident with any specific hacker group. However, it clearly resembles a series of large-scale breaches affecting telecommunications companies worldwide, including AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream (1, 2, 3). The FBI and CISA attribute these attacks to the Chinese cyber-espionage group Salt Typhoon.
2025.01.24 — Hundreds of websites impersonating Reddit and WeTransfer spread Lumma Stealer
Sekoia researcher crep1x discovered that hackers are currently using some 1,000 pages impersonating Reddit and WeTransfer. Victims visiting these sites are tricked into…
Full article →
2025.02.01 — Critical RCE vulnerability fixed in Cacti
A critical vulnerability has been discovered in the open-source Cacti framework: it enables an authenticated attacker to remotely execute arbitrary code. Vulnerability's ID is CVE-2025-22604; its…
Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.03.18 — Black Basta ransomware group developed its own automated brute-forcing framework
According to EclecticIQ, Black Basta Ransomware-as-a-Service (RaaS) group has developed its own automated brute-forcing framework dubbed BRUTED. It's used to hack edge network devices…
Full article →
2025.03.26 — Cloudflare to block all unencrypted traffic to its APIs
According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed. The purpose of this decision…
Full article →
2025.03.24 — Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud
Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company's cloud will no longer be supported. Effective March…
Full article →
2025.01.26 — Cisco patched a critical vulnerability in Meeting Management
Cisco released updates to fix a critical (CVSS score: 9.9) vulnerability in Meeting Management. The bug enables an unprivileged remote authenticated attacker to gain administrative privileges. The vulnerability…
Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage
According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…
Full article →
2025.04.07 — Critical RCE vulnerability discovered in Apache Parquet
All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out…
Full article →
2025.02.17 — Dutch police seize 127 servers belonging to Zservers hosting provider
Following the introduction of international sanctions against Zservers, Russian 'bulletproof' hosting services provider, the Dutch National Police (Politie) shut down and seized 127 servers belonging to Zservers/XHost.…
Full article →