3rd November – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 3rd November, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The Everest ransomware group has claimed responsibility for a series of attacks impacting AT&T, Dublin Airport, and Air Arabia. The ransomware gang exfiltrated sensitive data including 576,000 AT&T applicant records, 1.5 million […]
The post 3rd November – Threat Intelligence Report appeared first on Check Point Research.
AI Analysis
Technical Summary
This threat intelligence report highlights a series of coordinated and opportunistic cyberattacks primarily involving the ransomware groups Everest, Cl0p, and Akira, alongside nation-state actors and hacktivist groups. Everest ransomware has targeted major organizations including AT&T, Dublin Airport, Air Arabia, and Sweden’s Svenska kraftnät, exfiltrating hundreds of thousands to millions of sensitive records such as applicant data, passenger files, employee records, and internal operational data. Cl0p exploited a zero-day remote code execution vulnerability in Oracle E-Business Suite (CVE-2025-61882) to breach Pan American Silver Corp, Schneider Electric, and Cox Enterprises, leaking data and issuing ransom threats. Akira ransomware compromised Apache OpenOffice systems, stealing sensitive employee and financial data. Ribbon Communications suffered a suspected nation-state attack compromising files of government and telecom clients. Additional breaches include Dentsu’s US subsidiary Merkle and a phishing campaign at the University of Pennsylvania involving compromised mailing lists. Critical vulnerabilities are actively exploited, including CVE-2025-59287 in Microsoft Windows Server Update Services, which allows unauthenticated remote code execution, and high-severity flaws in Google Chrome’s V8 engine affecting billions of users. AI assistant platforms have also been targeted with zero-click exploits enabling data exfiltration. European diplomatic and government entities in Hungary, Belgium, Italy, the Netherlands, and Serbia have been targeted by the China-affiliated UNC6384 group using spear-phishing and PlugX malware. The Kurdish hacktivist group Hezi Rash has conducted ideologically motivated DDoS attacks, including against Germany. The report underscores the complexity and diversity of current cyber threats, combining ransomware, zero-day exploits, nation-state espionage, and hacktivism. Protection requires multi-layered defenses, rapid patching, and proactive threat intelligence integration.
Potential Impact
European organizations face significant risks from these attacks due to the targeting of critical infrastructure, government entities, and large multinational corporations with European operations or presence. The exfiltration of sensitive personal, operational, and financial data can lead to severe confidentiality breaches, reputational damage, regulatory penalties under GDPR, and operational disruptions. The exploitation of zero-day vulnerabilities in widely used enterprise software such as Oracle E-Business Suite and Microsoft Windows Server Update Services increases the attack surface and complicates defense efforts. Nation-state and advanced persistent threat campaigns targeting European diplomatic and government institutions threaten national security and intelligence confidentiality. The ransomware attacks on airports and power grid operators pose risks to public safety and the continuity of critical services. The phishing campaigns leveraging compromised mailing platforms can facilitate further lateral movement and credential theft within European organizations. Overall, these threats could result in widespread data breaches, financial losses, service outages, and erosion of trust in digital infrastructure across Europe.
Mitigation Recommendations
European organizations should prioritize immediate patching of all known critical vulnerabilities, particularly CVE-2025-61882 (Oracle E-Business Suite) and CVE-2025-59287 (Microsoft WSUS). Deploy and update intrusion prevention systems (IPS) with signatures targeting these exploits. Implement network segmentation to isolate critical infrastructure and sensitive data repositories, limiting ransomware lateral movement. Conduct thorough threat hunting and forensic analysis to detect indicators of compromise related to the Everest, Cl0p, and Akira ransomware groups and to nation-state malware such as PlugX. Enhance email security with advanced phishing detection, multi-factor authentication (MFA), and user awareness training to mitigate spear-phishing risks. Monitor and restrict the use of third-party mailing platforms to prevent abuse. Employ endpoint detection and response (EDR) solutions capable of identifying zero-click exploits and anomalous AI assistant behavior. Collaborate with national cybersecurity agencies for threat intelligence sharing and incident response coordination. Regularly back up critical data with offline copies to enable recovery from ransomware attacks. Tailor defenses to sector-specific risks, especially for critical infrastructure operators and government entities.
Affected Countries
Ireland, Sweden, Germany, Belgium, Italy, Netherlands, Hungary, Serbia
Technical Details
- Article Source: https://research.checkpoint.com/2025/3rd-november-threat-intelligence-report/ (fetched 2025-11-03T09:58:16Z, 986 words)
Threat ID: 69087cb87dae335bea0b08dd
Added to database: 11/3/2025, 9:58:16 AM
Last enriched: 12/2/2025, 9:50:39 PM
Last updated: 12/15/2025, 9:55:42 PM