Ransomware disrupted Sweden’s municipal IT and Pennsylvania’s Attorney General’s office, while attackers abused Velociraptor and VS Code tunnels for stealthy access. New threats include WhatsApp zero-click exploits, TamperedChef malvertising, Brokewell Android malware, and ScarCruft’s RokRAT espionage. Indian police dismantled trafficking-to-scam pipelines and online fraud rings, underscoring cybercrime’s human dimension alongside technical threats.

Salesforce OAuth token abuse, cloud-native ransomware, and NetScaler zero-day exploitation dominated the last 48 hours. Investigators tracked PRC router persistence, PlugX delivery, and major breaches at TransUnion and Nevada state services. Policy and law enforcement actions tightened around DPRK fraud and PRC laundering networks, while NIST issued new IoT behavior and control updates.

A 48-hour sweep of cyber developments highlights urgent Citrix NetScaler and Docker zero-days, ransomware hitting Nevada state services and Nissan’s design unit, and fresh AI threat vectors. DFIR teams gain new IR guidance, while ENISA takes charge of the EU Cyber Reserve. Cross-sector vigilance remains essential amid escalating threats.

The Impact of the Cyber Assessment Framework (CAF) on Digital Investigations Executive Summary The UK’s Cyber Assessment Framework (CAF) version […]

DFIR & Incident Response Elastic: How to reduce alert overload in defence SOCs (2025-08-22, EMEA). Guidance focuses on AI-powered triage […]