22nd December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 22nd December, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

The adult content platform PornHub has disclosed a data breach linked to analytics provider Mixpanel. The breach exposed more than 200 million records related to Premium users, including email addresses, search, watch, […]

The post 22nd December – Threat Intelligence Report appeared first on Check Point Research.
AI Analysis
Technical Summary
The December 22, 2025, threat intelligence report from Check Point Research outlines multiple high-impact cyber threats and vulnerabilities affecting diverse sectors globally, with significant implications for European organizations. Key incidents include a massive data breach at PornHub, linked to its analytics provider Mixpanel, exposing over 200 million records containing sensitive user metadata such as email addresses, search and watch histories, and location data, though excluding passwords and payment information. This breach is attributed to the ShinyHunters extortion group. Similarly, SoundCloud experienced a cyberattack compromising approximately 28 million user accounts, impacting email addresses and public profile information, also claimed by ShinyHunters. In the UK, DXS International, a technology supplier to the NHS, suffered unauthorized access to internal servers, raising concerns about potential patient data exposure despite no reported clinical service disruption. The report highlights critical vulnerabilities including CVE-2025-37164 in HPE OneView software, enabling unauthenticated remote code execution across all versions prior to 11.00, threatening centralized IT infrastructure management. Another critical vulnerability, CVE-2025-14733, affects WatchGuard Firebox firewalls, allowing unauthenticated remote code execution via an out-of-bounds write flaw exploitable without user interaction. Fortinet products face authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719), permitting attackers to log in without credentials and export full device configurations, risking password exposure. The report also details advanced persistent threat activity by the Chinese group Ink Dragon targeting European governments through IIS server compromises and deployment of ShadowPad and FinalDraft backdoors for lateral movement and data exfiltration. 
Additionally, the Russia-affiliated group Z-Pentest conducted cyberattacks disrupting Denmark’s critical water infrastructure and electoral environment. Other notable incidents include cyberattacks on LKQ (the auto parts giant), the University of Sydney, and Venezuela’s state oil company PDVSA, illustrating the broad spectrum of targeted sectors. The report also notes a surge in AI-driven phishing and social engineering campaigns during the holiday season, which adds to the complexity of the threat landscape. Protection technologies such as Check Point IPS, Threat Emulation, and Harmony Endpoint are recommended to mitigate these threats.
Potential Impact
European organizations face multifaceted risks from these incidents and vulnerabilities. The PornHub and SoundCloud breaches expose vast amounts of personal data, increasing risks of identity theft, phishing, and reputational damage, particularly affecting European users of these platforms. The DXS International breach raises concerns about potential NHS patient data exposure, which could undermine trust in healthcare services and lead to regulatory penalties under GDPR. Critical vulnerabilities in HPE OneView and WatchGuard Firebox products threaten the integrity and availability of centralized IT infrastructure and network security devices widely used in European enterprises, potentially enabling attackers to execute arbitrary code, disrupt operations, or gain persistent access. Fortinet authentication bypass flaws risk full device compromise, threatening network security across sectors. The Ink Dragon APT’s targeting of European governments indicates a strategic threat to national security and sensitive governmental operations, with potential for espionage and disruption. The disruption of Denmark’s water infrastructure by a Russia-affiliated group highlights the risk to critical infrastructure, with potential cascading effects on public safety and essential services. The combination of these threats increases the likelihood of data breaches, operational disruptions, and espionage activities across Europe, necessitating urgent and coordinated defensive measures.
Mitigation Recommendations
European organizations should prioritize immediate patching of critical vulnerabilities, specifically updating HPE OneView software to version 11.00 or later and applying WatchGuard Firebox Fireware OS patches addressing CVE-2025-14733. Fortinet device administrators must apply security updates to remediate authentication bypass vulnerabilities and rotate all device credentials post-patch. Organizations using Mixpanel or similar analytics services should review data sharing practices, enforce strict access controls, and monitor for suspicious activity related to user data. Healthcare suppliers and institutions should conduct thorough forensic investigations of breaches like the DXS International incident, enhance network segmentation, and implement zero-trust principles to limit lateral movement. Government entities must strengthen IIS server security by auditing configurations, deploying advanced endpoint detection and response (EDR) solutions, and monitoring for ShadowPad and FinalDraft backdoor indicators. Critical infrastructure operators, especially in water utilities, should collaborate with national cybersecurity agencies to implement enhanced intrusion detection, incident response plans, and threat intelligence sharing. Across sectors, organizations should increase user awareness training focused on AI-driven phishing scams, deploy multi-factor authentication with protections against SIM swapping, and utilize threat emulation and endpoint protection platforms to detect and block sophisticated malware loaders like GachiLoader. Regular backups, network segmentation, and continuous monitoring are essential to mitigate ransomware and extortion group threats such as ShinyHunters.
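The first recommendation above (patch HPE OneView to 11.00 or later) is the only fixed-version boundary the report states, and the usual stumbling block in acting on it is comparing version strings correctly: as plain strings, "9.20" sorts after "11.00". The following is an added example, not code from Check Point or the aggregator, that triages a constructed device inventory against that boundary with numeric version comparison. The hostnames, the inventory rows and the WatchGuard version are constructed sample data; products for which the report gives no fixed version are flagged for manual verification against the vendor advisory rather than guessed.

```python
"""Added example (not part of the Check Point report or this page): triage a
device inventory against the patch boundary the report states.

The only fixed-version boundary on the page is HPE OneView 11.00
(CVE-2025-37164). All hostnames and inventory rows below are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    hostname: str
    product: str
    version: str


# Constructed inventory (hypothetical hosts). Note "9.20" vs "11.00": a plain
# string comparison would wrongly treat "9.20" as newer than "11.00".
INVENTORY = [
    Asset("oneview-prod-01", "HPE OneView", "9.20"),
    Asset("oneview-lab-02", "HPE OneView", "11.00"),
    Asset("oneview-dr-03", "HPE OneView", "10.10"),
    # The report gives no fixed Fireware OS version, so this row is only
    # flagged for verification; the version value here is constructed.
    Asset("fw-edge-01", "WatchGuard Firebox", "12.11"),
]

# Product -> (advisory id, first fixed version), taken from the report text.
# Products without a stated fixed version are deliberately absent so they
# land in the "verify" bucket instead of being compared against a guess.
FIXED_VERSIONS = {
    "HPE OneView": ("CVE-2025-37164", "11.00"),
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '10.10' into (10, 10) so comparison is numeric, not lexicographic."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, fixed: str) -> bool:
    """True when the installed version is strictly older than the fixed release."""
    return parse_version(version) < parse_version(fixed)


def triage(inventory: list[Asset]) -> dict[str, list[str]]:
    """Bucket assets into: patch (below fixed), ok, or verify (no boundary known)."""
    result: dict[str, list[str]] = {"patch": [], "ok": [], "verify": []}
    for asset in inventory:
        entry = FIXED_VERSIONS.get(asset.product)
        if entry is None:
            result["verify"].append(asset.hostname)
        elif is_vulnerable(asset.version, entry[1]):
            result["patch"].append(
                f"{asset.hostname} ({entry[0]}: {asset.version} < {entry[1]})"
            )
        else:
            result["ok"].append(asset.hostname)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(INVENTORY).items():
        print(f"{bucket}: {hosts}")
```

The `verify` bucket is the point of the design: when an advisory on the page does not state a fixed version, the script refuses to compare and sends the asset to a human, rather than encoding a boundary the report never gave.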
Affected Countries
United Kingdom, Denmark, Germany, France, Netherlands, Belgium, Sweden, Norway, Italy, Spain
Technical Details
- Article Source: https://research.checkpoint.com/2025/22nd-december-threat-intelligence-report/ (fetched 2025-12-22T12:48:16Z, 1006 words)
Threat ID: 69493e10120b5bbb4ee25d27
Added to database: 12/22/2025, 12:48:16 PM
Last enriched: 1/5/2026, 4:17:35 PM
Last updated: 2/5/2026, 11:12:08 AM