Across the past 48 hours, DFIR teams tackled Uvalde CISD’s ransomware fallout and major healthcare disclosures, while Google patched an actively exploited Chrome zero-day. Law enforcement advanced cases tied to the TfL intrusion and broader critical-infrastructure attacks. Policy and standards moved too, with the UK’s Cyber Growth Action Plan and new NIST guidance on KEMs and TLS 1.3 visibility initiatives.

Global cyber events dominated the past 48 hours, with Jaguar Land Rover’s production shutdown, Kering’s customer data breach, and Vietnam’s credit bureau hack impacting millions. Apple rushed an emergency ImageIO patch, while CISA flagged eight new ICS advisories. Law enforcement cracked scams in Singapore and Mumbai, as ENISA and OFSI advanced compliance guidance.

Over the past 48 hours, ransomware shut down a Texas school district, Panama’s finance ministry faced a major breach claim, and a Samsung zero-day was patched after active exploitation. Global law enforcement made phishing and child-exploitation arrests, while NIST closed comments on its DevSecOps draft, shaping future compliance expectations.

Supply-chain breaches dominate the window: Jaguar Land Rover confirms a data compromise and UK rail operator LNER warns customers after a supplier attack. CISA adds an actively exploited DELMIA Apriso flaw to KEV. Europol names a suspected ransomware admin Most Wanted. Policy shifts include EU Data Act switching duties and US debate over reauthorizing CISA 2015 before September 30 sunset.

In the past 48 hours, defenders juggled Plex breach fallout, Microsoft’s Patch Tuesday triage, and npm supply-chain hijacks. Adobe Commerce shipped critical fixes, while healthcare and media breaches broadened impact. U.S. prosecutors charged a multi-ransomware administrator and posted rewards. Takeaways: accelerate credential resets, lock down publish keys, and run disciplined emergency patch cycles. Prioritize monitoring, SBOM mapping, and phishing verification.