
8th December – Threat Intelligence Report

Medium
Exploit
Published: Mon Dec 08 2025 (12/08/2025, 13:07:25 UTC)
Source: Check Point Research

Description

For the latest discoveries in cyber research for the week of 8th December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The University of Pennsylvania and the University of Phoenix were hit by data breaches after attackers exploited zero-day vulnerabilities in Oracle E-Business Suite servers. At least 1,488 people at UPenn and numerous […] The post 8th December – Threat Intelligence Report appeared first on Check Point Research.

AI-Powered Analysis

Last updated: 12/08/2025, 13:12:01 UTC

Technical Analysis

The December 8th, 2025 Threat Intelligence Report from Check Point Research outlines a series of significant cyber threats and vulnerabilities impacting multiple sectors globally. Key incidents include data breaches at the University of Pennsylvania and University of Phoenix, where attackers exploited zero-day vulnerabilities in Oracle E-Business Suite servers to gain unauthorized access, compromising personal data of thousands. The Cl0p ransomware gang is suspected to be behind these breaches as part of a wider campaign targeting Oracle products. Additionally, the financial software provider Marquis Software Solutions suffered a breach affecting over 74 US banks and credit unions via SonicWall firewall vulnerabilities, likely perpetrated by the Akira ransomware group. Other ransomware attacks include Qilin targeting a pharmaceutical firm and TridentLocker breaching the Belgian postal service Bpost. The report also details critical vulnerabilities such as CVE-2025-55182 (React2Shell), which allows unauthenticated remote code execution in React 19.x and related frameworks, posing a severe risk to web applications and backend services. Another notable vulnerability was found in OpenAI Codex CLI enabling remote code execution through malicious local configuration files. The report further discusses sophisticated cyber-espionage campaigns like Salt Typhoon and BRICKSTORM, and malware threats such as the Albiriox Android banking trojan distributed via smishing and fake apps. Protection against these threats is offered by Check Point’s IPS, Threat Emulation, and Harmony Endpoint solutions. The report underscores the complexity and diversity of modern cyber threats, combining zero-day exploits, ransomware, supply chain attacks, and advanced persistent threats targeting critical infrastructure and sensitive data.

Potential Impact

European organizations face considerable risks from these threats due to widespread use of Oracle E-Business Suite in enterprise resource planning and financial operations, and increasing adoption of React-based web frameworks in digital services. Exploitation of zero-day vulnerabilities can lead to unauthorized data access, large-scale data breaches, and ransomware infections that disrupt business continuity. The financial sector is particularly vulnerable given the precedent of attacks on banks and credit unions, potentially leading to theft of sensitive customer data and financial losses. Educational institutions and government-related entities in Europe could also be targeted, mirroring attacks on US universities and telecom providers. The ransomware campaigns threaten availability by encrypting critical data and demanding ransom payments, while espionage campaigns risk confidentiality through data exfiltration. The React2Shell vulnerability’s unauthenticated remote code execution capability allows attackers to compromise web servers without user interaction, increasing the attack surface. Overall, these threats can cause reputational damage, regulatory penalties under GDPR for data breaches, and significant operational disruptions across multiple sectors in Europe.

Mitigation Recommendations

European organizations should:

- Immediately prioritize patching Oracle E-Business Suite servers as soon as vendor updates or workarounds become available, and apply patches for the React2Shell vulnerability (CVE-2025-55182) and other disclosed flaws.
- Deploy advanced intrusion prevention systems (IPS) capable of detecting and blocking exploitation attempts targeting Oracle products and React frameworks.
- Implement endpoint detection and response (EDR) solutions with behavioral analytics to identify ransomware activity early.
- Enforce network segmentation to limit lateral movement in case of compromise, especially isolating critical financial and educational systems.
- Regularly audit and monitor firewall configurations, particularly SonicWall devices, to detect unauthorized access attempts.
- Conduct threat hunting for indicators related to the Cl0p, Akira, Qilin, and TridentLocker ransomware groups.
- Enhance phishing awareness training to reduce risk from smishing and social engineering attacks that distribute malware like Albiriox.
- Maintain robust backup and recovery procedures with offline copies to mitigate ransomware impact.
- Establish incident response plans tailored to ransomware and zero-day exploit scenarios, including coordination with law enforcement and cybersecurity agencies.


Technical Details

Article Source: https://research.checkpoint.com/2025/8th-december-threat-intelligence-report/ (fetched 2025-12-08T13:11:44.619Z, word count 990)

Threat ID: 6936ce90e64c706dbb1c6278

Added to database: 12/8/2025, 1:11:44 PM

Last enriched: 12/8/2025, 1:12:01 PM

Last updated: 12/10/2025, 12:10:41 AM
