A sweeping 48-hour snapshot reveals Oracle E-Business Suite exploitation driving global extortion, Discord’s vendor breach exposing 70,000 IDs, and new CISA KEV and ICS advisories. Law enforcement seized BreachForums’ latest domain, while Clearview AI lost a key UK tribunal case. ENISA’s 2025 threat report underscores accelerating vulnerability exploitation and ransomware persistence worldwide.

CISA expands its Known Exploited Vulnerabilities list as Microsoft investigates active GoAnywhere MFT attacks. Japan’s Asahi Group faces a ransomware claim, while UK police arrest teens behind the Kido Nurseries breach. New NCSC guidance urges observability and proactive threat hunting. Global DFIR teams should prioritise patching, token hygiene, and compliance readiness amid rising cross-sector intrusions.

Oracle E-Business Suite zero-day (CVE-2025-61882) is being actively exploited, prompting global CERT advisories and extortion attempts linked to Clop. Asahi resumes operations after a ransomware-driven week-long outage. CISA adds a Meteobridge flaw to KEV. Europol spotlights cross-border data access gaps, while ETSI and ISO open security conferences shaping future compliance standards.

The past 48 hours saw Oracle customers targeted with extortion emails, Asahi shipments in Japan disrupted by ransomware, and CISA expanding its KEV list. DFIR teams investigated child data leaks and PHI exposures, while Dutch teens faced arrest for Europol spying. Policy updates span U.S. awareness campaigns, FCC reviews, and EU/UK compliance shifts.

The latest 48-hour roundup highlights global cyber risks and responses: CISA’s emergency directive on Cisco ASA, a U.S. government breach exposing FEMA and CBP staff data, and Google’s AI ransomware detection for Drive. Switzerland’s new 24-hour reporting rule sharpens compliance deadlines, while law enforcement in Singapore charged 15 over scam-linked mule networks.