Over the past 48 hours, DFIR teams faced active Cisco zero-day exploitation, evolving macOS XCSSET tactics, and BRICKSTORM espionage. Aviation operations suffered vendor software disruption; Harrods reported a third-party breach. INTERPOL announced 260 arrests targeting sextortion scams, and the NCA detained a UK suspect. CISA issued an emergency directive; NIST published compliance updates. Organisations should prioritise patching and secure-boot verification.

Airports across Europe faced major disruption after a third-party ransomware attack, while Jaguar Land Rover extended shutdowns from a cyber incident. Boyd Gaming also reported employee data theft. CISA flagged active Chrome zero-day exploitation, and SolarWinds issued a third patch for a critical flaw. Regulators tightened GDPR fines guidance, and UK police made an arrest.

In the last 48 hours, global cyber events highlighted vendor risk and operational fragility. European airports and Jaguar Land Rover faced major disruptions from supply-chain compromises, while schools in Texas and US agencies managed ransomware recoveries. Threat actors exploited WatchGuard Firebox flaws and posted new ransomware victims. Policymakers reinforced third-party accountability as investigations deepened.

Across the past 48 hours, DFIR teams tackled Uvalde CISD’s ransomware fallout and major healthcare disclosures, while Google patched an actively exploited Chrome zero-day. Law enforcement advanced cases tied to the TfL intrusion and broader critical-infrastructure attacks. Policy and standards moved too, with the UK’s Cyber Growth Action Plan and new NIST guidance on KEMs and TLS 1.3 visibility initiatives.

Global cyber events dominated the past 48 hours, with Jaguar Land Rover’s production shutdown, Kering’s customer data breach, and Vietnam’s credit bureau hack impacting millions. Apple rushed an emergency ImageIO patch, while CISA flagged eight new ICS advisories. Law enforcement cracked scams in Singapore and Mumbai, as ENISA and OFSI advanced compliance guidance.