Education-sector cyber incidents, software supply-chain compromises and actively exploited mobile vulnerabilities dominated this reporting period. Reported attacks affecting Indian examination platforms, malicious npm package activity and Android security flaws drew significant attention. Regulators in Hong Kong, Europe and the United States also advanced AI-related cybersecurity measures, while Europol and U.S. policymakers highlighted evolving cybercrime enforcement and investigative capabilities.

Europol fraud and Black Axe actions, Signal phishing targeting German officials, Singapore contractor data exposure, Winona County ransomware leaks, Itron and Medtronic network intrusions, active cPanel exploitation, malicious SAP npm packages, UK breach survey findings, and agentic AI security guidance shape this DFM 48-hour roundup for investigators focused on evidence, attribution, audit trails, and cross-platform correlation readiness.

CISA, FBI and NSA warned that Iranian-linked actors are targeting internet-connected PLCs in U.S. critical infrastructure, while a Massachusetts hospital diverted ambulances after a cyberattack. Investigators tracked cloud data theft to abused authentication tokens after a SaaS integrator breach, and the DOJ disrupted a GRU-linked DNS hijacking botnet as NIST advanced an AI risk profile for critical infrastructure operators broadly.

This cycle reinforces a persistent operational truth: the “end” of an incident is rarely the end of its consequences. Threat actors keep pushing toward low-friction entry points—browser extensions, loader chains, and access-broker marketplaces—so prevention and detection must focus on control-plane hygiene and behavior telemetry. Evolving EU policy and AI-security baselines signal that assurance requirements will increasingly follow technology adoption globally.

Over the past 48 hours, defenders saw OT hardening guidance, fresh ICS advisories, and reports of active FortiSIEM exploitation. Hospitals and travel services faced disruptive incidents and data exposure, while investigators tracked themed malware and money-mule networks. Standards bodies advanced AI security and payment software assurance, signaling tighter audit expectations. Prioritize patching, segmentation, logging choke points, and evidence-ready reporting today.