CISA expands its Known Exploited Vulnerabilities list as Microsoft investigates active GoAnywhere MFT attacks. Japan’s Asahi Group faces a ransomware claim, while UK police arrest teens behind the Kido Nurseries breach. New NCSC guidance urges observability and proactive threat hunting. Global DFIR teams should prioritise patching, token hygiene, and compliance readiness amid rising cross-sector intrusions.