
15th December – Threat Intelligence Report

Medium
Vulnerability
Published: Mon Dec 15 2025 (12/15/2025, 13:03:28 UTC)
Source: Check Point Research

Description

For the latest discoveries in cyber research for the week of 15th December, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

The Indian government confirmed cyber incidents involving GPS spoofing at seven major airports, including Delhi, Mumbai, Kolkata, and Bengaluru. The attack affected aircraft using GPS-based landing procedures. Despite signal disruption to navigation […]

The post 15th December – Threat Intelligence Report appeared first on Check Point Research.

AI-Powered Analysis

Last updated: 01/05/2026, 16:18:17 UTC

Technical Analysis

The December 15, 2025 Threat Intelligence Report from Check Point Research details a series of significant cyber threats and incidents globally.

A prominent event is the GPS spoofing attack targeting seven major Indian airports (Delhi, Mumbai, Kolkata, Bengaluru, among others), which disrupted GPS-based aircraft landing procedures. Although no flights were cancelled or diverted, the attack exposed vulnerabilities in aviation navigation systems reliant on GPS signals, highlighting risks to critical infrastructure.

In the US, healthcare provider TriZetto Provider Solutions experienced unauthorized access to a customer portal, exposing protected health information (PHI) and personally identifiable information (PII). Similarly, 700Credit suffered a breach compromising data of over 5.6 million individuals, emphasizing risks to financial data. The Pierce County Library System was hit by ransomware from the INC gang, causing system shutdowns and data exposure. The French Interior Ministry's email servers were compromised, though serious data loss was not confirmed. Russian contractor Mikord was breached, with exfiltration of sensitive military-related data. A prolonged exposure of a private GitHub token at Home Depot allowed extensive internal system access.

On the vulnerability front, Google patched a high-severity Chrome flaw (CVE-2025-14174) exploited in the wild, related to the ANGLE graphics library and enabling remote code execution. Apple addressed two zero-day WebKit vulnerabilities (CVE-2025-43529 and CVE-2025-14174) exploited in targeted attacks. SAP released patches for critical vulnerabilities, including code injection and deserialization flaws, with CVSS scores up to 9.9.

The report also highlights a rise in ransomware incidents globally, new phishing campaigns abusing trusted services, and advanced malware campaigns using multi-stage infection chains and novel evasion techniques. These findings underscore the evolving threat landscape affecting multiple sectors and geographies.

Potential Impact

For European organizations, the GPS spoofing incident underscores vulnerabilities in aviation and critical infrastructure systems that rely on GPS signals, which could be exploited to disrupt operations or cause safety hazards. Although the incident occurred in India, similar attacks could target European airports or transport systems, especially given Europe's dense air traffic and reliance on GPS-based navigation.

The healthcare and financial sector breaches in the US highlight risks to sensitive personal data that European entities also manage, emphasizing the need for robust data protection. The ransomware attacks and government-targeted breaches illustrate the persistent threat to public sector and critical infrastructure entities in Europe, which are often targeted by sophisticated threat actors.

The actively exploited zero-day vulnerabilities in widely used software platforms like Google Chrome and Apple WebKit pose direct risks to European users and enterprises, potentially enabling remote code execution and system compromise. SAP vulnerabilities are particularly relevant given SAP's extensive use in European enterprises for business-critical applications. The rise in phishing campaigns and advanced malware techniques further threatens European organizations by increasing the risk of credential theft, unauthorized access, and ransomware infections.

Overall, these threats could lead to data breaches, operational disruptions, financial losses, and reputational damage across multiple sectors in Europe.

Mitigation Recommendations

European organizations should prioritize immediate patching of critical vulnerabilities, especially those in widely used software such as Google Chrome, Apple WebKit, and SAP systems, to prevent exploitation.

Aviation and transport authorities should implement multi-layered navigation security measures, including GPS signal authentication, alternative navigation systems, and anomaly detection to mitigate GPS spoofing risks.

Healthcare and financial institutions must enhance monitoring of access to sensitive data portals, enforce strict access controls, and conduct regular audits to detect unauthorized access early.

Public sector and critical infrastructure entities should strengthen ransomware defenses by implementing network segmentation, offline backups, and incident response plans tailored to ransomware scenarios.

User education campaigns are essential to raise awareness of sophisticated phishing techniques like ConsentFix and impersonation of trusted services, emphasizing cautious handling of browser prompts and links. Organizations should deploy advanced threat detection solutions capable of identifying multi-stage infection chains and evasive malware behaviors.

Additionally, supply chain security should be reinforced to prevent exposure through third-party contractors or leaked credentials. Collaboration with national cybersecurity agencies and sharing threat intelligence can improve preparedness and response capabilities across Europe.


Technical Details

Article Source
{"url":"https://research.checkpoint.com/2025/15th-december-threat-intelligence-report/","fetched":true,"fetchedAt":"2025-12-15T13:15:14.038Z","wordCount":997}

Threat ID: 694009e2d9bcdf3f3ddb9e5b

Added to database: 12/15/2025, 1:15:14 PM

Last enriched: 1/5/2026, 4:18:17 PM

Last updated: 2/4/2026, 7:15:40 PM
