News Roundup
NEWS ROUNDUP – 6th February 2026
CISA ordered U.S. agencies to remove unsupported edge devices as active exploitation of a GitLab flaw continues. Romania’s Conpet reported a cyberattack disrupting systems, while Flickr warned of member data exposure via a third-party email provider. The UK ICO opened investigations into X and xAI over Grok, as the European Commission advanced a cybersecurity package and NIST sought draft comments.
NEWS ROUNDUP – 4th February 2026
CISA warned on Avation Light Engine Pro OT risk as CERT-FR prioritised weekly patches. Investigators tracked Notepad++ updater hijacking and coercive Scattered Lapsus ShinyHunters tactics. Major incidents included Coinbase contractor misuse, NationStates breach downtime, and an Iron Mountain data-theft claim. CISA added SolarWinds Web Help Desk RCE to KEV while Metro and Office exploits circulated across Europe, Americas, and APAC.
NEWS ROUNDUP – 1st February 2026
Ivanti Endpoint Manager Mobile zero-days drove urgent patching and forensic hunts, while US authorities seized the RAMP cybercrime forum and forfeited $400M tied to crypto laundering. Major incidents disrupted US municipal services, hosting infrastructure, and fintech platforms. Policy moved with a UK–Japan cyber partnership, alongside standards updates shaping vulnerability disclosure, random number generation assurance, and compliance expectations globally.
NEWS ROUNDUP – 30th January 2026
Nike investigated an extortion-linked breach claim, Rotterdam port operations faced hacktivist-driven DDoS disruption, and CISA added actively exploited Ivanti EPMM vulnerabilities to its KEV catalogue. Law enforcement seized the RAMP cybercrime forum, while NIST advanced its Cyber AI Profile consultation. Identity compromise, control-plane abuse, and data-only extortion dominated incident response priorities globally.
NEWS ROUNDUP – 28th January 2026
This cycle reinforces that routine security work (standards updates, browser fixes in flight, and edge-device advisories) directly shapes investigation quality and response speed when exploitation pressure rises. High-trust automation platforms and perimeter systems remain prime targets, so teams should prioritise patch validation, token rotation, and log preservation to contain blast radius and defend decisions under regulatory and customer scrutiny with forensics-ready incident narratives.
