Over the past 48 hours, ransomware shut down a Texas school district, Panama’s finance ministry faced a major breach claim, and a Samsung zero-day was patched after active exploitation. Global law enforcement made phishing and child-exploitation arrests, while NIST closed comments on its DevSecOps draft, shaping future compliance expectations.

Supply-chain breaches dominate the window: Jaguar Land Rover confirms a data compromise and UK rail operator LNER warns customers after a supplier attack. CISA adds an actively exploited DELMIA Apriso flaw to KEV. Europol names a suspected ransomware admin Most Wanted. Policy shifts include EU Data Act switching duties and US debate over reauthorizing CISA 2015 before September 30 sunset.

In the past 48 hours, defenders juggled Plex breach fallout, Microsoft’s Patch Tuesday triage, and npm supply-chain hijacks. Adobe Commerce shipped critical fixes, while healthcare and media breaches broadened impact. U.S. prosecutors charged a multi-ransomware administrator and posted rewards. Takeaways: accelerate credential resets, lock down publish keys, and run disciplined emergency patch cycles. Prioritize monitoring, SBOM mapping, and phishing verification.

Chinese threat actors impersonated a U.S. lawmaker in a spyware campaign, while a ransomware group disrupted operations at Ireland’s K Club. CISA flagged a critical Sitecore CVE under active exploitation. A U.S. bill to extend cyber intel sharing advanced. DFIR teams must prioritise patching, phishing defences, and policy tracking this week.

In the past 48 hours, defenders faced urgent patch mandates for Sitecore and SAP S/4HANA exploitation, while Google fixed two Android zero-days. Investigations revealed a Chess.com data breach and GhostRedirector SEO hijacks. Major disruptions hit Jaguar Land Rover, and policy shifts saw U.S. info-sharing reauthorization progress alongside EU and Czech regulatory actions.