
27th October – Threat Intelligence Report

Severity: Medium
Category: Vulnerability, web
Published: Mon Oct 27 2025 (10/27/2025, 10:44:08 UTC)
Source: Check Point Research

Description

For the latest discoveries in cyber research for the week of 27th October, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

Toys “R” Us Canada has suffered a data breach that resulted in stolen customer records being leaked on the dark web. The compromised data affects an undisclosed number of individuals and includes […]

The post 27th October – Threat Intelligence Report appeared first on Check Point Research.

AI-Powered Analysis

Last updated: 11/25/2025, 21:14:37 UTC

Technical Analysis

The 27th October Threat Intelligence Report from Check Point Research gives an overview of recent cyber threats and vulnerabilities affecting a range of sectors worldwide. It highlights several high-profile incidents. Toys “R” Us Canada suffered a data breach that leaked customer personal data (names, addresses, emails, phone numbers) but not passwords or financial data. Japanese retailer Askul was hit by ransomware, which suspended its online operations and may have exposed data belonging to major retailers such as Muji and Loft. Swedish security company Verisure was breached through an external billing partner, compromising sensitive customer data, including the social security numbers of approximately 35,000 individuals.

The Lazarus group, linked to North Korea, targeted European defense manufacturers, especially UAV/drone firms, using trojanized GitHub repositories and fake job offers to deploy the ScoringMathTea RAT, giving the attackers remote control of infected hosts and enabling theft of proprietary weapons data.

Several critical vulnerabilities are emphasized: CVE-2025-33073, a Windows SMB Client elevation-of-privilege flaw exploited to gain SYSTEM privileges by bypassing NTLM reflection mitigations; CVE-2025-59287, a critical remote code execution vulnerability in Windows Server Update Services (WSUS) that required out-of-band patches; and CVE-2025-54236, a session hijacking vulnerability in Adobe Commerce (Magento) that allows unauthenticated REST API access and webshell deployment, with over 60% of stores unpatched. Additionally, a logic flaw in Rust async-tar libraries (CVE-2025-62518) enables RCE via TAR desynchronization and affects many dependent projects.

The report also notes a sophisticated phishing campaign against LastPass users that led to credential theft and crypto losses, and the resurgence of LockBit ransomware with multi-platform capabilities and enhanced evasion techniques. Protection is available via Check Point IPS and endpoint solutions. Taken together, these threats illustrate a complex landscape of targeted attacks, supply chain risks, and exploitation of unpatched vulnerabilities.

Potential Impact

European organizations face significant risks from these threats due to their presence in affected sectors such as defense manufacturing, retail, public administration, and e-commerce. The breach of Swedish security firm Verisure directly impacts Swedish citizens and undermines trust in security providers. The Lazarus group’s targeting of European UAV and defense manufacturers threatens national security and intellectual property, potentially compromising sensitive weapons systems and manufacturing know-how. The Adobe Commerce vulnerability affects a large portion of European e-commerce platforms, risking customer data exposure, financial fraud, and operational disruption. Ransomware attacks like those by LockBit and the incident at Japanese retailer Askul (which affects European retailers through supply chains) can cause widespread operational downtime and financial losses. Phishing campaigns targeting password managers like LastPass endanger credential security across Europe, increasing risks of account takeover and crypto theft. Public sector cyberattacks disrupting municipal services, as seen in US counties, highlight the potential for similar impacts in European local governments. Overall, these threats can lead to loss of confidentiality, integrity, availability, reputational damage, regulatory penalties under GDPR, and economic harm.

Mitigation Recommendations

European organizations should prioritize immediate patching of critical vulnerabilities such as CVE-2025-33073, CVE-2025-59287, and CVE-2025-54236, ensuring Adobe Commerce instances and Windows systems are fully updated. Enforce SMB signing and disable legacy authentication protocols to mitigate SMB-related privilege escalation. For defense manufacturers, implement strict supply chain security controls, including vetting of third-party code repositories and monitoring for trojanized dependencies. Employ advanced endpoint detection and response solutions capable of identifying RAT infections like ScoringMathTea. Conduct targeted phishing awareness campaigns emphasizing risks of credential theft, especially for users of password managers. Implement multi-factor authentication and monitor for suspicious login attempts. For public sector and retail organizations, develop and test incident response plans for ransomware and data breaches, including network segmentation and offline backups. Collaborate with threat intelligence providers to stay informed on emerging threats like LockBit 5.0. Finally, review and audit external partners’ security postures to reduce risks from third-party breaches as seen with Verisure’s billing partner compromise.


Technical Details

Article Source
URL: https://research.checkpoint.com/2025/27th-october-threat-intelligence-report/
Fetched: 2025-10-27T10:44:34.003Z
Word count: 1005

Threat ID: 68ff4d12bbaf5d265c8ed70b

Added to database: 10/27/2025, 10:44:34 AM

Last enriched: 11/25/2025, 9:14:37 PM

Last updated: 12/10/2025, 1:02:37 PM
