
10th November – Threat Intelligence Report

Medium
Vulnerability
Published: Mon Nov 10 2025 (11/10/2025, 13:39:38 UTC)
Source: Check Point Research

Description

For the latest discoveries in cyber research for the week of 10th November, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

The US Congressional Budget Office (CBO) has confirmed a cyber attack that resulted in a suspected foreign threat actor breaching its network and potentially exposing sensitive communications between congressional offices and CBO […]

The post 10th November – Threat Intelligence Report appeared first on Check Point Research.

AI-Powered Analysis

Last updated: 11/10/2025, 13:40:45 UTC

Technical Analysis

The Check Point Research 10th November 2025 Threat Intelligence Report provides a comprehensive overview of recent cyber threats and vulnerabilities affecting multiple sectors globally, with notable impacts in Europe. The report opens with a confirmed cyber attack on the US Congressional Budget Office (CBO) by the Chinese state-sponsored APT group Silk Typhoon, resulting in unauthorized access to sensitive communications and draft reports. In Europe, Swedish IT systems supplier Miljödata suffered a major data breach exposing personal data of up to 1.5 million individuals, disrupting municipal operations and affecting vulnerable populations. Poland experienced breaches in financial services, including a data breach at SuperGrosz and a DDoS attack on Blik, with possible Russian threat actor involvement. Additionally, SonicWall disclosed a cloud backup breach impacting all customers, exposing encrypted credentials and device configurations. The report details critical vulnerabilities: four in Microsoft Teams allowing user impersonation and message manipulation (notably CVE-2024-38197), a critical remote command execution vulnerability in CentOS Web Panel (CVE-2025-48703) actively exploited in the wild, and two Cisco Secure Firewall vulnerabilities (CVE-2025-20333 and CVE-2025-20362) enabling root RCE and DoS attacks, previously exploited to deploy malware. Check Point also highlights the rise of AI-driven threats, including pharma scams using deepfake doctors and clinics, and AI-powered malware families (FRUITSHELL, PROMPTSTEAL, QUIETVAULT, PROMPTFLUX) that dynamically alter behavior mid-execution, complicating detection and response. These developments underscore an increasingly sophisticated threat landscape combining state-sponsored espionage, large-scale data breaches, supply chain compromises, and AI-enhanced malware operations.

Potential Impact

European organizations face multifaceted impacts from these threats. The Miljödata breach directly compromises the personal data of millions, including vulnerable groups, risking identity theft, fraud, and erosion of public trust in municipal services. Financial sector breaches in Poland threaten customer privacy and disrupt critical payment infrastructure, potentially undermining financial stability and consumer confidence. The exploitation of critical vulnerabilities in widely used platforms like Microsoft Teams, CentOS Web Panel, and Cisco Secure Firewall can lead to unauthorized access, data manipulation, service disruption, and lateral movement within networks, increasing the risk of espionage and sabotage. The SonicWall cloud backup breach exposes encrypted credentials and configurations, potentially enabling targeted attacks on numerous organizations relying on this service. The emergence of AI-driven scams and malware introduces new challenges for detection and mitigation, increasing the risk of successful fraud campaigns and evasive malware infections. Collectively, these threats can lead to significant operational disruption, financial losses, regulatory penalties under GDPR, and reputational damage for European entities.

Mitigation Recommendations

European organizations should implement a layered and proactive defense strategy tailored to these threats. Immediate patching of critical vulnerabilities is essential: update Microsoft Teams to address CVE-2024-38197, upgrade CentOS Web Panel to version 0.9.8.1205 or later to mitigate CVE-2025-48703, and apply Cisco Secure Firewall patches for CVE-2025-20333 and CVE-2025-20362. Deploy advanced intrusion prevention systems (IPS) such as Check Point IPS signatures that specifically detect and block these exploits. Conduct thorough audits of cloud backup configurations and access controls, especially for SonicWall users, to detect unauthorized access and rotate credentials. Enhance monitoring for anomalous behavior indicative of AI-driven malware or deepfake scams, leveraging threat intelligence feeds and AI-based detection tools. Strengthen identity and access management (IAM) with multi-factor authentication and strict privilege controls to limit lateral movement. For data breach response, implement robust incident response plans, notify affected individuals promptly, and coordinate with data protection authorities to comply with GDPR. Educate employees about AI-powered phishing and social engineering tactics to reduce susceptibility. Collaborate with law enforcement and cybersecurity communities to share intelligence on emerging threats and threat actors.


Technical Details

Article Source: https://research.checkpoint.com/2025/10th-november-threat-intelligence-report/ (fetched 2025-11-10T13:40:27.568Z, 972 words)

Threat ID: 6911eb4bbb27cbde2e79d800

Added to database: 11/10/2025, 1:40:27 PM

Last enriched: 11/10/2025, 1:40:45 PM

Last updated: 11/16/2025, 10:19:54 AM

Views: 92

