22nd December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 22nd December, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

The adult content platform PornHub has disclosed a data breach linked to analytics provider Mixpanel. The breach exposed more than 200 million records related to Premium users, including email addresses, search, watch, […]

The post 22nd December – Threat Intelligence Report appeared first on Check Point Research.
AI Analysis
Technical Summary
The December 22, 2025, Threat Intelligence Report from Check Point Research outlines a broad spectrum of cyber threats impacting multiple sectors worldwide, with notable implications for European organizations.

A major data breach disclosed by PornHub involves over 200 million records of Premium users, including sensitive metadata such as email addresses, search and watch histories, and locations, linked to the analytics provider Mixpanel. This breach, attributed to the ShinyHunters extortion group, also affected OpenAI. SoundCloud suffered a cyberattack compromising approximately 28 million user accounts, affecting email and public profile data, also claimed by ShinyHunters. LKQ, an auto parts giant, experienced a cyberattack related to Oracle E-Business Suite, exposing personal data including Employer Identification Numbers and Social Security numbers of over 9,000 individuals. The British NHS technology supplier DXS International was targeted in a cyberattack affecting internal office servers, though clinical services remained operational. The University of Sydney reported a breach exposing personal data of over 27,000 staff and students. Venezuela’s state oil company PDVSA faced operational disruptions due to a cyberattack. Denmark’s water utility was targeted in a cyberattack attributed to the Russia-affiliated group Z-Pentest, disrupting critical water infrastructure as part of a broader campaign against Danish critical infrastructure and electoral systems.

The report highlights critical vulnerabilities for which no CVSS scores are provided but whose implications are severe. CVE-2025-37164 in HPE OneView allows unauthenticated remote code execution across all versions prior to 11.00, threatening centralized IT infrastructure management. CVE-2025-14733 affects WatchGuard Firebox firewalls, enabling unauthenticated remote code execution via an out-of-bounds write flaw; it is actively exploited and requires no user interaction. Fortinet products (FortiGate, FortiOS, FortiWeb, FortiProxy, FortiSwitchManager) suffer from critical authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) that allow attackers to log in without credentials and export full device configurations, risking password compromise.

Advanced persistent threat activity includes the Chinese threat actor Ink Dragon targeting European governments by exploiting IIS servers with ShadowPad backdoors and deploying a new FinalDraft backdoor for data exfiltration and lateral movement. Malware campaigns such as GachiLoader and its second-stage loader Kidkadi employ novel obfuscation and injection techniques to evade detection. Darknet marketplaces are recruiting insiders at banks, crypto exchanges, telecoms, and tech firms to sell access and data, including SIM swapping services to bypass two-factor authentication. AI-driven phishing and scam campaigns surged during the holiday season, impersonating delivery brands and leveraging AI chatbots to enhance credibility.

Protection against these threats is available via Check Point IPS, Threat Emulation, and Harmony Endpoint solutions. The report underscores the need for vigilance in patch management, insider threat monitoring, and phishing defense enhancements.
Potential Impact
European organizations face multifaceted risks from these threats. The PornHub-Mixpanel breach exposes vast amounts of personal data, potentially leading to identity theft, targeted phishing, and reputational damage, especially for European users of these platforms. The attacks on SoundCloud and the British NHS supplier DXS International highlight vulnerabilities in consumer and critical healthcare infrastructure, risking data confidentiality and operational stability. The disruption of Denmark’s water utility by a Russia-affiliated group signals a direct threat to critical infrastructure availability and public safety, with potential cascading effects on other essential services. Critical vulnerabilities in widely deployed infrastructure management tools (HPE OneView) and network security devices (WatchGuard Firebox, Fortinet products) threaten the integrity and availability of enterprise and government IT environments across Europe. Exploitation could lead to full system compromise, data exfiltration, and persistent backdoors, severely impacting confidentiality, integrity, and availability. The Ink Dragon APT’s focus on European governments indicates heightened geopolitical targeting, with risks of espionage, data theft, and disruption of governmental operations. The rise of insider recruitment campaigns and AI-driven phishing scams increases the likelihood of successful social engineering attacks, undermining organizational security postures. Overall, these threats could result in financial losses, regulatory penalties under GDPR, erosion of public trust, and national security concerns.
Mitigation Recommendations
European organizations should implement a prioritized patch management program to immediately address the critical vulnerabilities in HPE OneView (CVE-2025-37164), WatchGuard Firebox firewalls (CVE-2025-14733), and Fortinet products (CVE-2025-59718, CVE-2025-59719). Network segmentation and strict access controls should be enforced to limit lateral movement in case of compromise. Deploy advanced endpoint detection and response (EDR) solutions capable of identifying novel malware techniques such as those used by GachiLoader and Ink Dragon’s FinalDraft backdoor. Enhance monitoring for anomalous authentication and configuration export activities on Fortinet and WatchGuard devices to detect exploitation attempts.

Conduct regular insider threat awareness training and implement robust insider threat detection mechanisms, including monitoring for unusual access patterns and data exfiltration attempts. Strengthen phishing defenses by deploying AI-enhanced email filtering, user training focused on AI-driven scams, and multi-factor authentication methods resistant to SIM swapping.

For critical infrastructure operators, especially in water utilities and healthcare, implement strict network segmentation, continuous monitoring, and incident response plans tailored to nation-state threat actors. Collaborate with national cybersecurity agencies for threat intelligence sharing and coordinated defense. Finally, review third-party vendor security practices, particularly analytics providers like Mixpanel, to reduce supply chain risks.
Affected Countries
United Kingdom, Denmark, Germany, France, Netherlands, Belgium, Sweden, Italy, Spain, Poland
Technical Details
Article source: https://research.checkpoint.com/2025/22nd-december-threat-intelligence-report/ (fetched 2025-12-22, 1006 words)