DFM’s latest 48-hour cybersecurity roundup tracks ransomware and DDoS disruptions hitting critical services, plus a platform hijack that underscores integrity risks in high-traffic ecosystems. We also highlight actively exploited perimeter vulnerabilities, supply-chain threats in npm and notarized macOS droppers, and enforcement actions releasing new decryptors. Policy and standards updates round out what responders need now: evidence-ready incident timelines, resilient identity controls, and third-party governance.

DFM’s 48-hour global roundup tracks active exploitation and high-impact breaches, alongside enforcement and policy moves shaping response obligations. Key themes include appliance-level compromise requiring rebuild decisions, KEV-driven patch acceleration, and major consumer data incidents escalating into multi-agency scrutiny. Investigations emphasize the money layer—mule accounts and laundering hubs—while standards and governance pressures continue to tighten auditability, reporting, and defensible security operations across regions.

In the last 48 hours, breaches and recoveries hit healthcare and retail, while investigators disrupted fraud marketplaces and laundering services. Major incidents affected oil logistics and UK government systems. Active exploitation warnings targeted React2Shell and SonicWall SMA, alongside new CISA ICS advisories. Policy and standards moved on UK cyber legislation, EU CRA reporting, and NIST’s Cyber AI profile this week.

DFM’s latest 48-hour roundup covers ransomware recovery updates, major platform breaches, and active exploitation alerts, alongside fraud investigations and law enforcement crackdowns. Policy signals include UK resilience legislation progress and rising phishing of public officials, while NIST advances AI-era security profiles. The edition also tracks consumer app exposure risks and third-party telemetry weaknesses shaping incident response.

In the past 48 hours, responders tracked macOS infostealer lures and a ransomware decryptor weakness, while regulators opened probes into UK mobile outages and Seoul investigators intensified action over Coupang. Major breach disclosures include 700Credit impacts, alongside React2Shell/KEV patch pressure. Enforcement operations targeted SIM and laundering networks. Consumer risks rose from exposed AI imagery, fiction-app records leaks, and fake apps.