15th December – Threat Intelligence Report
A recent threat intelligence report highlights multiple significant cyber incidents globally, including GPS spoofing attacks on seven major Indian airports disrupting aircraft navigation systems. Other notable breaches include unauthorized access to US healthcare and credit data, ransomware attacks on US government entities, and cyberattacks targeting French government email servers and Russian IT contractors. Critical zero-day vulnerabilities actively exploited in Google Chrome and Apple WebKit were patched urgently. SAP disclosed multiple high-severity vulnerabilities with CVSS scores above 9. The report also details advanced persistent threat campaigns using sophisticated multi-stage infection chains and novel phishing techniques bypassing MFA. These incidents collectively underscore an evolving threat landscape with high risks to critical infrastructure, sensitive data, and enterprise systems worldwide.
AI Analysis
Technical Summary
The 15th December 2025 Threat Intelligence Report from Check Point Research details a range of cyber threats and incidents impacting diverse sectors globally. A notable event is the GPS spoofing attack on seven major Indian airports, including Delhi and Mumbai, which disrupted GPS-based aircraft landing procedures. Although contingency measures meant that no flights were canceled, the attack demonstrates the vulnerability of critical aviation infrastructure to cyber-physical threats. In the US, healthcare provider TriZetto Provider Solutions suffered unauthorized access exposing protected health information, while 700Credit experienced a data breach affecting over 5.6 million individuals, exposing sensitive personal and financial data. The Pierce County Library System was hit by ransomware from the INC gang, forcing shutdowns and data exposure. The French Interior Ministry's email servers were compromised, though serious data loss is not confirmed. Russian IT contractor Mikord was breached, with sensitive military-related data exfiltrated. Additionally, a Home Depot employee's exposed GitHub token allowed prolonged unauthorized access to internal code repositories and cloud systems. On the vulnerability front, Google Chrome and Apple WebKit received emergency patches for actively exploited zero-day flaws enabling remote code execution and memory corruption. SAP disclosed multiple critical vulnerabilities with CVSS scores ranging from 9.1 to 9.9, including code injection and deserialization flaws. The report also highlights a surge in ransomware attacks, with the industrial manufacturing and education sectors heavily targeted. Advanced threat campaigns such as GOLD BLADE employ multi-stage infection chains and DLL side-loading to evade detection. A new phishing technique, ConsentFix, tricks victims into granting account access without passwords or MFA by exploiting browser-native prompts.
Overall, the report illustrates a complex threat environment combining cyber-physical attacks, data breaches, zero-day exploits, ransomware, and sophisticated social engineering.
Potential Impact
European organizations face significant risks from these threats due to the interconnectedness of global supply chains, shared technology platforms, and critical infrastructure dependencies. The GPS spoofing attack on Indian airports signals potential risks to European aviation and transport sectors that rely on GPS navigation, especially as similar spoofing techniques could target European airports or logistics hubs. Data breaches exposing personal and financial information threaten compliance with GDPR, risking regulatory penalties and reputational damage for European healthcare, financial, and public sector entities. The ransomware campaigns and advanced persistent threats described could impact European industrial manufacturing and government bodies, sectors historically targeted by ransomware gangs. The zero-day vulnerabilities in widely used software like Google Chrome, Apple WebKit, and SAP products pose immediate risks to European enterprises and consumers, as these platforms are prevalent across Europe. The ConsentFix phishing technique undermines MFA protections, increasing the risk of account takeovers in European organizations relying on Microsoft cloud services. Collectively, these threats could disrupt operations, compromise sensitive data, and erode trust in digital services across Europe.
Mitigation Recommendations
European organizations should prioritize patching critical vulnerabilities in browsers (Chrome, Safari/WebKit) and enterprise software (SAP) immediately to mitigate active exploitation risks. Aviation and transport sectors should review and enhance GPS signal validation and implement multi-layered navigation safeguards to detect and respond to spoofing attempts. Healthcare and financial institutions must conduct thorough audits of access controls and monitor for unauthorized access to sensitive data, employing anomaly detection and data loss prevention tools. Ransomware resilience can be improved by segmenting networks, enforcing least privilege, and maintaining offline backups. Organizations should educate users about emerging phishing techniques like ConsentFix, emphasizing caution with browser prompts and unsolicited requests to copy and paste links. They should also deploy threat detection solutions capable of identifying multi-stage infection chains and DLL side-loading tactics, and, for cloud and code repositories, enforce strict token management policies, including regular rotation and monitoring for exposed credentials. Collaboration with national cybersecurity agencies and sharing threat intelligence can enhance situational awareness and coordinated response across Europe.
Affected Countries
France, Germany, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Ireland
Technical Details
- Article Source: https://research.checkpoint.com/2025/15th-december-threat-intelligence-report/ (fetched 2025-12-15, 997 words)