Backdoored WordPress plugin updates created unauthorised access across production sites, while investigators examined coordinated campaigns targeting enterprise messaging infrastructure and exposed administrative tooling. Enforcement activity linked to DDoS-for-hire disruption operations and regulatory developments around AI and crypto governance further illustrated how technical compromise, investigative response, and policy intervention continue to converge across operational security environments.

This 48-hour roundup covers FIRESTARTER on a Cisco ASA device, Signal phishing targeting German politicians, GopherWhisper activity against government targets, ADT and Medtronic data incidents, Breeze Cache exploitation, CISA KEV additions, Singapore and Telangana cybercrime arrests, and Cyber Essentials Danzell transition guidance, with emphasis on evidence integrity, platform records, vulnerability exposure, and cross-border investigative readiness.

This 48-hour global roundup covers UK Biobank data appearing for sale in China, Eurail passport data exposure, Indonesian phishing-tool arrests, Toronto SMS-blaster seizures, France Titres breach claims, UMMC forensic review, China-nexus covert device networks, CrowdStrike LogScale vulnerability fixes, US scam-centre action, a BlackCat guilty plea, Japan’s financial cyber taskforce, and NCSC passkey guidance for consumer authentication.

French identity services faced potential data exposure, while New South Wales investigated unauthorised transfers of confidential Treasury files. Ukrainian police dismantled a Telegram bot farm supporting disinformation campaigns, and U.S. prosecutors secured guilty pleas in ransomware and phishing cases. Meanwhile, new .NET vulnerabilities and serial-to-IP device flaws highlighted ongoing exposure risks across connected infrastructure environments.

Vercel traced a customer-impacting breach to a compromised OAuth app, while investigators in India linked abusive Google Drive activity to specific IP records. Police dismantled mule-account fraud networks, and a Scattered Spider member entered a guilty plea. Meanwhile, Bluesky faced DDoS disruption and UK officials advanced board-level cyber-resilience expectations across major organisations nationwide.