In this 48-hour roundup we track insider-driven mega breaches, disrupted court and logistics systems, and fresh leaks from healthcare and consumer apps. New OT and backend vulnerabilities join the KEV list, while Europol’s Cryptomixer takedown and UK ransomware-reporting plans show growing pressure on the criminal business model and on unprepared boards, demanding faster, evidence-led response and genuinely risk-based cyber governance.

A global surge in third-party breaches, emergency-service outages, and supply-chain malware defined this 48-hour cycle. OpenAI’s Mixpanel incident, Asahi’s major data leak, and widespread disruptions at London councils and CodeRED highlight escalating systemic risk. New exploits, regulatory actions, and ISO-27001 advances reinforce the need for evidence-ready DFIR processes, developer-pipeline security, and stronger vendor oversight.

The latest 48 hours saw coordinated attacks on London councils, a breach at Harvard, and ransomware disrupting US emergency alerts. Industrial firm Balkrishna Paper Mills and major banking vendor SitusAMC also reported compromises. Active exploitation of a FortiWeb zero-day, a revived npm worm campaign, and a huge Android fiction-app data leak round out a high-impact period.

The past 48 hours saw major activity across DFIR, investigations and global threat intelligence, with ransomware playbooks, supply-chain breaches and identity-system zero-days dominating the landscape. Law-enforcement operations intensified across Asia, while G7 nations advanced cyber-policy coordination. Key updates highlight the growing convergence of identity, vendor ecosystems and human factors as critical security priorities.

A turbulent 48 hours saw fresh SaaS supply-chain breaches, a ransomware hit on an LG battery subsidiary, and renewed scrutiny of backup resilience and offline records. Law enforcement ran large-scale fraud crackdowns across India and arrested a Russian hacking suspect in Thailand, while new UK and US policy moves tightened expectations on incident reporting, sanctions and third-party risk.