
10th November – Threat Intelligence Report

Severity: Medium
Type: Vulnerability
Published: Mon Nov 10 2025 (11/10/2025, 13:39:38 UTC)
Source: Check Point Research

Description

For the latest discoveries in cyber research for the week of 10th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The US Congressional Budget Office (CBO) has confirmed a cyber attack that resulted in a suspected foreign threat actor breaching its network and potentially exposing sensitive communications between congressional offices and CBO […] The post 10th November – Threat Intelligence Report appeared first on Check Point Research.

AI-Powered Analysis

Last updated: 12/09/2025, 04:49:41 UTC

Technical Analysis

The Check Point Research Threat Intelligence Report for the week of 10th November 2025 summarises recent incidents and vulnerabilities affecting organisations globally and in Europe.

Attacks and breaches. The US Congressional Budget Office (CBO) confirmed a breach by a suspected foreign threat actor, reported to be the Chinese state-linked group Silk Typhoon, that may have exposed sensitive communications between congressional offices and the CBO. In Europe, the Swedish IT systems supplier Miljödata suffered a breach affecting up to 1.5 million people; the stolen personal data was published on the dark web, disrupting multiple municipalities and affecting vulnerable groups. Poland saw a data breach at the online loan platform SuperGrosz and a DDoS attack on the mobile payment system Blik, with authorities suspecting Russian involvement.

Vulnerabilities. Four flaws in Microsoft Teams allowed user impersonation and message manipulation; one of them is tracked as CVE-2024-38197. A critical remote command execution vulnerability in CentOS Web Panel (CVE-2025-48703) is under active exploitation: an unauthenticated attacker who knows a valid non-root username on the panel can execute arbitrary shell commands on the host. Cisco Secure Firewall ASA and FTD devices are affected by a remote code execution flaw (CVE-2025-20333) and an authentication bypass (CVE-2025-20362) that were exploited as zero-days; the observed activity caused denial-of-service conditions and deployed malware on compromised devices.

AI-driven threats. The report also covers malware families that use large language models at runtime to make their behaviour more evasive and dynamic, and deepfake-based pharma scams that combine cloned websites with voice cloning to defraud victims.

Taken together, state-sponsored espionage, large-scale data breaches, actively exploited critical vulnerabilities and AI-assisted malware and fraud form a threat environment that defenders need to act on now.

Potential Impact

European organisations face significant risk from the reported threats. The Miljödata breach directly affects Swedish municipalities and up to 1.5 million people, including children and people with protected identities, and can lead to identity theft, fraud and loss of public trust. The exposure of the Polish financial sector to data breaches and DDoS attacks threatens service availability and customer confidence, with possible spillover into the wider European financial ecosystem. The vulnerabilities in Microsoft Teams, CentOS Web Panel and Cisco Secure Firewall products put the confidentiality, integrity and availability of corporate communications, web hosting environments and perimeter security infrastructure at risk; because all three are being exploited in the wild, the realistic outcomes are unauthorised access, data exfiltration, service disruption and lateral movement from a compromised edge device into internal networks. AI-driven malware and scams raise the cost of detection and response by enabling more convincing social engineering, evasion of signature-based defences and attack behaviour that changes at runtime. Collectively, these threats can disrupt critical services, compromise sensitive data and weaken cyber resilience across European public and private sectors.

Mitigation Recommendations

European organisations should act on the following, in roughly this order of urgency:

- Patch first. Update Microsoft Teams, upgrade CentOS Web Panel to version 0.9.8.1205 or later, and apply Cisco's fixed releases to Secure Firewall ASA and FTD devices. Because CVE-2025-48703, CVE-2025-20333 and CVE-2025-20362 are already being exploited, treat internet-exposed CWP panels and Cisco VPN or management interfaces as potentially compromised and review them for signs of intrusion rather than only patching.
- Keep intrusion prevention current. Deploy and regularly update IPS signatures, such as the Check Point IPS protections covering CVE-2025-48703, CVE-2025-20333 and CVE-2025-20362, to detect and block exploitation attempts.
- Segment and restrict. Tighten network segmentation and restrict API access to cloud backup environments to prevent unauthorised data exfiltration of the kind seen in the SonicWall incident.
- Detect AI-driven activity. Add detection that relies on behavioural analytics rather than static signatures alone, so that LLM-assisted malware and deepfake-based scams can be identified and contained.
- Train for deepfakes. Run targeted phishing awareness campaigns that cover deepfake audio and other AI-enhanced social engineering.
- Protect personal data. Organisations handling sensitive personal data, especially public bodies such as municipalities, should enforce strict access controls, multi-factor authentication and continuous monitoring for anomalous activity.
- Share intelligence. Work with national cybersecurity agencies to exchange threat intelligence and coordinate response, particularly in countries facing state-sponsored activity.
- Exercise the plan. Develop and regularly test incident response plans that include scenarios involving AI-powered attacks and supply chain compromise.
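The only fixed release the report names is CentOS Web Panel 0.9.8.1205, which makes a patch-gap check across an inventory the most concrete first step. The script below is an added example, not code from Check Point or from this page: it parses dotted version strings (including vendor suffixes such as "v" or "-el7"), compares them against the fixed release, and buckets hosts as needing a patch, already fixed, unparseable, or not CWP. The hostnames and version strings are constructed sample data; the Cisco entry is only bucketed as "other" because the report gives no fixed release for ASA or FTD.

```python
"""Patch-gap triage for the CentOS Web Panel fix named in the report.

Added example (not from Check Point or the page). It compares CWP version
strings against the fixed release 0.9.8.1205 stated in the mitigation text.
Hostnames and version strings below are constructed sample data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Fixed release stated in the report; anything older is treated as affected.
CWP_FIXED_VERSION = "0.9.8.1205"


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str


def parse_version(raw: str) -> tuple[int, ...]:
    """Turn strings such as 'v0.9.8.1205' or '0.9.8.1188-el7' into a tuple of ints.

    A leading non-digit prefix is skipped and anything after the dotted
    numeric run is dropped. A string with no leading numeric run raises, so
    an unreadable version is never silently treated as patched.
    """
    match = re.match(r"^\D*(\d+(?:\.\d+)*)", raw.strip())
    if not match:
        raise ValueError(f"unparseable version string: {raw!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_older(version: str, fixed: str) -> bool:
    """True when `version` sorts before `fixed`.

    Shorter tuples are zero-padded so that '0.9.8' compares as 0.9.8.0
    rather than being treated as a prefix of the fixed release.
    """
    a, b = parse_version(version), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def triage(assets: list[Asset]) -> dict[str, list[str]]:
    """Bucket hosts by patch state.

    'patch'       CWP below the fixed release
    'ok'          CWP at or above the fixed release
    'unparseable' CWP with a version string that could not be read
    'other'       not CWP (the report gives no fixed release to check against)
    """
    result: dict[str, list[str]] = {"patch": [], "ok": [], "unparseable": [], "other": []}
    for asset in assets:
        if asset.product.lower() not in ("cwp", "centos web panel"):
            result["other"].append(asset.host)
            continue
        try:
            bucket = "patch" if is_older(asset.version, CWP_FIXED_VERSION) else "ok"
        except ValueError:
            bucket = "unparseable"
        result[bucket].append(asset.host)
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    Asset("web-01.example.internal", "CWP", "0.9.8.1204"),
    Asset("web-02.example.internal", "CWP", "v0.9.8.1205"),
    Asset("web-03.example.internal", "CWP", "0.9.8.1188-el7"),
    Asset("web-04.example.internal", "CWP", "0.9.8.1210"),
    Asset("web-05.example.internal", "CWP", "unknown"),
    Asset("fw-01.example.internal", "Cisco ASA", "9.20.3"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:12s} {', '.join(hosts) or '-'}")
```

Hosts that land in "unparseable" should be checked by hand rather than assumed safe; a version string the script cannot read is usually a sign that the panel was installed from a non-standard source or that the inventory field is stale, and either way it is not evidence of a patch.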


Technical Details

Article Source: https://research.checkpoint.com/2025/10th-november-threat-intelligence-report/ (fetched 2025-11-10T13:40:27Z, 972 words)

Threat ID: 6911eb4bbb27cbde2e79d800

Added to database: 11/10/2025, 1:40:27 PM

Last enriched: 12/9/2025, 4:49:41 AM

Last updated: 1/7/2026, 5:22:26 AM
