Google patched an in-the-wild Chrome zero-day while GreyNoise tied most Ivanti RCE probing to a single bulletproof-hosted IP. Canada Goose investigated a 600k-record leak claim as Dutch telco Odido faced exposure fallout. Police in Thailand and India targeted mule accounts, and the EDPB addressed spyware abuse. PCI SSC opened comments and CERT-EU issued a CTI framework for EU institutions today.

Over the past 48 hours, CISA added four exploited vulnerabilities to the KEV catalog and issued an ICS advisory on Siemens SINEC NMS. Odido confirmed a customer data leak, while SmarterTools disclosed ransomware after an auth-bypass on an unpatched VM. Researchers flagged active exploitation of a critical BeyondTrust RCE and reported nation-state use of Google Gemini for campaigns this week.

Active exploitation of SolarWinds Web Help Desk led to Velociraptor deployment, while the European Commission investigated a breach in its mobile device management environment. Singapore detailed a coordinated telco response to UNC3886. CISA added six known-exploited vulnerabilities, and Microsoft patched six exploited zero-days. BeyondTrust disclosed an unauthenticated RCE. Courts sentenced a fugitive tied to a $73M pig-butchering scheme in absentia.

European Commission contained suspicious activity against its device management platform, while reports highlighted CERT-EU indicators on infrastructure. Microsoft warned of active exploitation of SolarWinds Web Help Desk flaws. Singapore’s telco sector investigated an alleged state-linked intrusion as Winter Olympics services faced disruption attempts. UK authorities examined cyber-sanctions compliance and NIS bill progress, and Substack and Coupang disclosed user data exposure.

CISA ordered U.S. agencies to remove unsupported edge devices as active exploitation of a GitLab flaw continues. Romania’s Conpet reported a cyberattack disrupting systems, while Flickr warned of member data exposure via a third-party email provider. The UK ICO opened investigations into X and xAI over Grok, as the European Commission advanced a cybersecurity package and NIST sought draft comments.