15th September – Threat Intelligence Report
The 15th September 2025 Threat Intelligence Report by Check Point Research highlights multiple significant cyber threats including ransomware attacks, data breaches, and critical vulnerabilities. Notably, Panama’s Ministry of Economy and Finance suffered a ransomware attack with the theft of 1.5TB of sensitive fiscal data by the INC Ransom group. Other incidents include breaches impacting Vietnam’s financial sector, US organizations, and a British train operator via third-party compromise. Critical vulnerabilities such as a SonicWall SSL VPN improper access control flaw (CVSS 9.3) actively exploited by Akira ransomware operators pose severe risks. Emerging threats include new ransomware families like Yurei, supply chain attacks via malicious VS Code extensions, and malware targeting exposed Docker APIs. The report underscores a global surge in ransomware and targeted attacks on government, finance, manufacturing, and critical infrastructure sectors. European organizations face heightened risks due to interconnected supply chains, reliance on affected technologies, and geopolitical tensions. Proactive patching, supply chain security, and advanced threat detection are essential to mitigate these evolving threats.
AI Analysis
Technical Summary
The 15th September 2025 Threat Intelligence Report from Check Point Research provides a comprehensive overview of recent cyber threats and vulnerabilities observed globally. The report details a ransomware attack on Panama’s Ministry of Economy and Finance by the INC Ransom group, resulting in the theft of over 1.5TB of sensitive data including emails, financial documents, and budgeting details. This attack exposes critical fiscal operational data, potentially impacting national economic security. Other notable breaches include Vietnam’s National Credit Information Center, where personal financial data was stolen by the ShinyHunters group, and the American furniture company Lovesac, targeted by RansomHub ransomware. The New York Blood Center suffered a ransomware attack compromising sensitive patient and employee data. The British train operator London North Eastern Railway experienced a data breach through a compromised third-party supplier, exposing customer journey data but not payment or password information. The report also highlights critical vulnerabilities such as CVE-2024-40766 in SonicWall SSL VPN appliances, with a CVSS score of 9.3, allowing attackers to bypass access controls and crash firewalls; this flaw is actively exploited by Akira ransomware operators. Microsoft’s Patch Tuesday addressed 81 vulnerabilities including two zero-days affecting Windows SMB Server and Newtonsoft.Json. Emerging threats include the Yurei ransomware group using Go-based malware for double extortion, and a campaign by WhiteCobra distributing malicious VS Code extensions to steal cryptocurrency credentials. Additionally, new malware targeting exposed Docker APIs has been detected, blocking external API access and deploying advanced payloads. The report notes a 101% year-over-year increase in cyberattacks against the agriculture sector and rising ransomware incidents globally. 
Check Point’s Threat Emulation and Harmony Endpoint solutions provide detection and protection against many of these threats. The intelligence underscores the increasing complexity and scale of cyber threats targeting government, finance, manufacturing, and critical infrastructure sectors worldwide.
Potential Impact
European organizations face significant risks from the threats detailed in this report due to several factors. The ransomware attacks targeting government entities and financial institutions mirror potential attack vectors in Europe’s public sector and banking industries, which are critical for economic stability. The SonicWall SSL VPN vulnerability is particularly concerning for European enterprises relying on these appliances for secure remote access, as exploitation can lead to unauthorized access, data breaches, and operational disruption. Supply chain attacks, such as those exploiting third-party suppliers or malicious VS Code extensions, pose risks to European software development and infrastructure sectors, potentially enabling credential theft and supply chain compromise. The surge in ransomware and extortion campaigns threatens the availability and confidentiality of sensitive data across sectors including manufacturing, agriculture, and telecom, all vital to European economies. Data breaches exposing personally identifiable information can lead to regulatory penalties under GDPR, reputational damage, and financial losses. The geopolitical tensions and strategic importance of European government and infrastructure entities make them attractive targets for ransomware groups and nation-state affiliated actors. Overall, these threats could disrupt critical services, compromise sensitive data, and undermine trust in public and private institutions across Europe.
Mitigation Recommendations
European organizations should prioritize immediate patching of critical vulnerabilities, especially the SonicWall SSL VPN flaw (CVE-2024-40766), ensuring firmware updates are applied and default or migrated credentials are reset. Implement strict access controls and network segmentation to limit lateral movement in case of compromise. Enhance supply chain security by vetting third-party suppliers, monitoring for unusual activity, and restricting access to sensitive systems. Employ advanced endpoint detection and response (EDR) solutions such as Check Point Harmony Endpoint and Threat Emulation to detect and block ransomware and malware payloads. Conduct regular security awareness training focused on phishing and supply chain attack vectors, particularly for developers using VS Code and related marketplaces. Back up critical data regularly to offline or immutable storage to enable recovery from ransomware without paying a ransom. Monitor exposed APIs, especially Docker APIs, for unauthorized access attempts and apply rate limiting and authentication controls. Establish incident response plans tailored to ransomware and data breach scenarios, including coordination with law enforcement and regulatory bodies. Finally, ensure compliance with GDPR and other data protection regulations by encrypting sensitive data and minimizing data retention.
Affected Countries
United Kingdom, Germany, France, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Switzerland
Technical Details
- Article Source: https://research.checkpoint.com/2025/15th-september-threat-intelligence-report/ (fetched 2025-10-07T01:30:34.863Z, 1001 words)
Threat ID: 68e46d3b6a45552f36e94e4c
Added to database: 10/7/2025, 1:30:35 AM
Last enriched: 10/15/2025, 1:39:00 AM
Last updated: 11/20/2025, 12:35:12 AM