French identity services faced potential data exposure, while New South Wales investigated unauthorised transfers of confidential Treasury files. Ukrainian police dismantled a Telegram bot farm supporting disinformation campaigns, and U.S. prosecutors secured guilty pleas in ransomware and phishing cases. Meanwhile, new .NET vulnerabilities and serial-to-IP device flaws highlighted ongoing exposure risks across connected infrastructure environments.

Vercel traced a customer-impacting breach to a compromised OAuth app, while investigators in India linked abusive Google Drive activity to specific IP records. Police dismantled mule-account fraud networks, and a Scattered Spider member entered a guilty plea. Meanwhile, Bluesky faced DDoS disruption and UK officials advanced board-level cyber-resilience expectations across major organisations nationwide.

Digital Forensics Magazine’s latest 48-hour roundup covers a WordPress plugin supply-chain compromise, espionage malware targeting Ukrainian emergency services, McGraw Hill’s reported 13.5 million-account breach, and Europol’s disruption of DDoS-for-hire infrastructure. It also tracks active exploitation of nginx-ui and Apache ActiveMQ flaws, UK crypto regulation proposals, and unauthorised access affecting Booking.com reservations and Inditex transaction databases across European retail systems globally.

Microsoft fixed an exploited SharePoint zero-day among 165 flaws, Adobe patched critical Acrobat bugs, and Basic-Fit disclosed a breach affecting about one million members. Investigators traced mailbox compromises hitting Ukrainian prosecutors, while authorities froze stolen cryptocurrency in Operation Atlantic. Regulators and central bankers also escalated scrutiny of Anthropic’s Claude Mythos Preview and its cybersecurity implications for financial stability and resilience.

This DFM 48-hour roundup tracks the European Commission cloud breach linked to the Trivy supply-chain compromise, emergency Adobe Reader zero-day patching, healthcare disruption at Signature Healthcare, UNC6783 targeting outsourced support functions, Operation Atlantic freezing more than $12 million tied to crypto fraud, and new policy movement on enterprise connected device security and EU digital wallet certification efforts.