
27th October – Threat Intelligence Report

Severity: Medium
Tags: Vulnerability, web
Published: Mon Oct 27 2025 (10/27/2025, 10:44:08 UTC)
Source: Check Point Research

Description

The 27th October Threat Intelligence Report from Check Point Research details multiple significant cyber threats and incidents globally, including data breaches, ransomware attacks, and critical vulnerabilities actively exploited. Key incidents include a data breach at Toys “R” Us Canada exposing customer personal data, ransomware disrupting Japanese retailer Askul and its partners, and a data breach at Swedish security firm Verisure affecting 35,000 customers. Notably, European defense manufacturers have been targeted by North Korea–linked Lazarus group via RAT infections from trojanized GitHub projects, compromising sensitive UAV and weapons data. Critical vulnerabilities such as CVE-2025-33073 (Windows SMB Client privilege escalation), CVE-2025-59287 (Windows Server Update Service RCE), and CVE-2025-54236 (Adobe Commerce session hijacking and RCE) are actively exploited, with many systems remaining unpatched. The report also highlights a phishing campaign against LastPass users leading to credential theft and crypto losses, and the resurgence of LockBit ransomware with enhanced capabilities affecting multiple platforms worldwide, including Europe. The combination of active exploitation, high-value targets, and widespread impact underscores a medium to high threat landscape requiring urgent mitigation efforts.

AI-Powered Analysis

Last updated: 10/27/2025, 10:44:54 UTC

Technical Analysis

The Check Point Research 27th October Threat Intelligence Report provides a comprehensive overview of recent cyber threats and vulnerabilities affecting diverse sectors worldwide. The report highlights multiple data breaches, including Toys “R” Us Canada, where customer records containing names, addresses, emails, and phone numbers were leaked on the dark web, though passwords and financial data were not compromised. Japanese retailer Askul suffered a ransomware attack that halted online operations and disrupted logistics for major retailers, with potential data leakage. Swedish security firm Verisure experienced a breach via an external billing partner, exposing personal data of approximately 35,000 customers, including social security numbers.

A notable targeted attack against European defense manufacturers involved the Lazarus group deploying ScoringMathTea RAT through trojanized GitHub repositories and fake job offers, enabling remote control and theft of sensitive UAV and weapons manufacturing data.

Several critical vulnerabilities are actively exploited: CVE-2025-33073 allows Windows SMB Client privilege escalation by bypassing NTLM reflection mitigations, enabling SYSTEM privileges and potential authenticated remote code execution if SMB signing is disabled; CVE-2025-59287 is a critical Windows Server Update Service remote code execution flaw patched out-of-band due to active exploitation; CVE-2025-54236 affects Adobe Commerce (Magento), allowing session hijacking via the REST API without user interaction, often leading to PHP webshell deployment, with over 60% of Magento stores unpatched. Additionally, a logic flaw in Rust async-tar libraries (CVE-2025-62518) enables remote code execution via TAR desynchronization, affecting numerous dependent projects.
The report also details a sophisticated phishing campaign targeting LastPass users, resulting in master password theft and approximately $4.4M in cryptocurrency losses, attributed to the financially motivated CryptoChameleon group. LockBit ransomware has resurged with a new 5.0 variant featuring multi-platform support, enhanced anti-analysis, and faster encryption, impacting organizations across Europe, the Americas, and Asia. Check Point’s Threat Emulation and Harmony Endpoint solutions provide protection against many of these threats. The report underscores the ongoing exploitation of critical vulnerabilities and targeted attacks on high-value sectors, emphasizing the need for timely patching and enhanced security controls.

Potential Impact

European organizations face significant risks from the threats detailed in this report. The breach of Swedish security firm Verisure directly impacts Swedish citizens and could undermine trust in security service providers. The targeted attacks on European defense manufacturers, particularly UAV and drone firms, pose a severe threat to national security and defense industrial base confidentiality, potentially compromising sensitive weapons designs and manufacturing processes. The active exploitation of critical Windows and Adobe Commerce vulnerabilities threatens a broad range of enterprises, including government, finance, retail, and e-commerce sectors, many of which rely on these platforms. The LockBit ransomware resurgence with multi-platform capabilities increases the risk of operational disruption and financial loss across European organizations. The phishing campaign against LastPass users endangers credential security for individuals and enterprises relying on password managers, potentially leading to further breaches. Overall, these threats could result in data loss, operational downtime, financial damage, reputational harm, and compromise of critical infrastructure and defense capabilities within Europe.

Mitigation Recommendations

European organizations should prioritize immediate patching of critical vulnerabilities, especially CVE-2025-33073, CVE-2025-59287, and CVE-2025-54236, ensuring all Windows systems and Adobe Commerce installations are updated with the latest security patches. Enforce SMB signing and disable legacy authentication protocols to mitigate SMB Client elevation-of-privilege exploits. Conduct thorough audits of third-party and supply chain partners, particularly for sensitive sectors like defense, to detect and prevent trojanized software and unauthorized access. Implement advanced endpoint detection and response solutions such as Check Point Threat Emulation and Harmony Endpoint to detect RAT infections and ransomware activity. Strengthen phishing awareness training focusing on sophisticated campaigns targeting password managers and implement multi-factor authentication (MFA) with phishing-resistant methods to protect critical credentials. Regularly review and restrict access privileges, especially for sensitive data and systems related to defense manufacturing. Monitor network traffic for anomalies indicative of ransomware or data exfiltration attempts. For Magento stores, disable default session storage or migrate to secure session management solutions to prevent session hijacking. Finally, establish incident response plans tailored to ransomware and data breach scenarios, including secure backups and rapid recovery capabilities.
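The SMB signing and legacy-authentication hardening recommended above can be checked, and optionally applied, with a short host-level script. The PowerShell below is an added example, not code from Check Point or from this site. It relies only on the built-in `Get-SmbClientConfiguration`, `Set-SmbClientConfiguration`, `Get-SmbServerConfiguration` and `Set-SmbServerConfiguration` cmdlets and the documented `LmCompatibilityLevel` value under the LSA registry key; the `-Enforce` switch name and the output wording are this script's own choices.

```powershell
# Added example (not from the Check Point report or the hosting site): audit and,
# with -Enforce, apply SMB signing and NTLMv2-only authentication on a Windows host.
# Run in an elevated PowerShell session. Without -Enforce the script only reports.
param(
    [switch]$Enforce   # switch name is this script's own choice
)

$findings = @()

# Client side: CVE-2025-33073-style reflection relies on an unsigned client
# session being relayed back to the host, so the client must require signing.
$client = Get-SmbClientConfiguration
if (-not $client.RequireSecuritySignature) {
    $findings += "SMB client does not require signing (RequireSecuritySignature=False)"
    if ($Enforce) {
        Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
    }
}

# Server side: stops this host from accepting unsigned (relayable) sessions.
$server = Get-SmbServerConfiguration
if (-not $server.RequireSecuritySignature) {
    $findings += "SMB server does not require signing (RequireSecuritySignature=False)"
    if ($Enforce) {
        Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
    }
}

# Legacy authentication: LmCompatibilityLevel 5 = send NTLMv2 only, refuse LM and NTLM.
$lsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$level = (Get-ItemProperty -Path $lsaPath -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
if ($null -eq $level -or $level -lt 5) {
    $findings += "LmCompatibilityLevel is '$level' (expected 5: NTLMv2 only, refuse LM/NTLM)"
    if ($Enforce) {
        Set-ItemProperty -Path $lsaPath -Name LmCompatibilityLevel -Value 5 -Type DWord
    }
}

if ($findings.Count -eq 0) {
    Write-Output "OK: SMB signing required on client and server; NTLMv2-only authentication in effect."
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    if ($Enforce) {
        Write-Output "Settings applied; a reboot may be required for the LSA change to take effect."
    }
    exit 1   # non-zero exit so a fleet-wide run can flag non-compliant hosts
}
```

Run it in report mode first across a pilot group before using `-Enforce`: requiring server-side signing adds CPU cost on busy file servers, and `LmCompatibilityLevel` 5 will break access from very old devices that still depend on LM or NTLMv1. At scale the same settings belong in Group Policy (the "Microsoft network client/server: Digitally sign communications (always)" and "Network security: LAN Manager authentication level" policies) rather than in a per-host script; the script remains useful as a compliance check that Group Policy actually reached the host.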


Technical Details

Article Source: https://research.checkpoint.com/2025/27th-october-threat-intelligence-report/ (fetched 2025-10-27T10:44:34Z, 1005 words)

Threat ID: 68ff4d12bbaf5d265c8ed70b

Added to database: 10/27/2025, 10:44:34 AM

Last enriched: 10/27/2025, 10:44:54 AM

Last updated: 10/27/2025, 10:45:10 AM