This DFM 48-hour roundup tracks the European Commission cloud breach linked to the Trivy supply-chain compromise, emergency Adobe Reader zero-day patching, healthcare disruption at Signature Healthcare, UNC6783 targeting outsourced support functions, Operation Atlantic freezing more than $12 million tied to crypto fraud, and new policy movement on enterprise connected device security and EU digital wallet certification efforts.

Ransomware at ChipSoft disrupted Dutch hospitals, while Signature Healthcare diverted ambulances after a cyberattack. UK authorities linked router hijacking to a Russian military unit, and Northern Ireland schools faced network outages. Treasury launched crypto threat sharing, the NCA froze $12 million in scam proceeds, and NIST advanced AI risk guidance for critical infrastructure operators amid rising supplier and mobile exposure.

CISA, FBI and NSA warned that Iranian-linked actors are targeting internet-connected PLCs in U.S. critical infrastructure, while a Massachusetts hospital diverted ambulances after a cyberattack. Investigators tracked cloud data theft to abused authentication tokens after a SaaS integrator breach, and the DOJ disrupted a GRU-linked DNS hijacking botnet as NIST advanced an AI risk profile for critical infrastructure operators broadly.

This edition tracks a cloud-breach attribution at the European Commission, emergency remediation for actively exploited FortiClient EMS systems, and CISA action on a TrueConf flaw. It also covers a cyberattack on a Massachusetts emergency communications centre, Microsoft’s warning on fast-moving Medusa intrusions, and Cambodia’s new cybercrime law aimed at scams, laundering, recruitment, and illicit data handling.

CISA flagged active exploitation of a Langflow flaw, while researchers warned ShareFile bugs can deliver unauthenticated remote code execution. Mercor confirmed fallout from the LiteLLM supply-chain compromise, Hasbro investigated unauthorized network access, and CERT-EU widened the scope of the Europa platform breach. Policy and standards developments also moved, from China’s digital-human draft rules to ENISA’s digital wallet certification work effort.