Vercel traced a customer-impacting breach to a compromised OAuth app, while investigators in India linked abusive Google Drive activity to specific IP records. Police dismantled mule-account fraud networks, and a Scattered Spider member entered a guilty plea. Meanwhile, Bluesky faced DDoS disruption and UK officials advanced board-level cyber-resilience expectations across major organisations nationwide.

Digital Forensics Magazine’s latest 48-hour roundup covers a WordPress plugin supply-chain compromise, espionage malware targeting Ukrainian emergency services, McGraw Hill’s reported 13.5 million-account breach, and Europol’s disruption of DDoS-for-hire infrastructure. It also tracks active exploitation of nginx-ui and Apache ActiveMQ flaws, UK crypto regulation proposals, and unauthorised access affecting Booking.com reservations and Inditex transaction databases across European retail systems globally.

Microsoft fixed an exploited SharePoint zero-day among 165 flaws, Adobe patched critical Acrobat bugs, and Basic-Fit disclosed a breach affecting about one million members. Investigators traced mailbox compromises hitting Ukrainian prosecutors, while authorities froze stolen cryptocurrency in Operation Atlantic. Regulators and central bankers also escalated scrutiny of Anthropic’s Claude Mythos Preview and its cybersecurity implications for financial stability and resilience.

This DFM 48-hour roundup tracks the European Commission cloud breach linked to the Trivy supply-chain compromise, emergency Adobe Reader zero-day patching, healthcare disruption at Signature Healthcare, UNC6783 targeting outsourced support functions, Operation Atlantic freezing more than $12 million tied to crypto fraud, and new policy movement on enterprise connected device security and EU digital wallet certification efforts.

Ransomware at ChipSoft disrupted Dutch hospitals, while Signature Healthcare diverted ambulances after a cyberattack. UK authorities linked router hijacking to a Russian military unit, and Northern Ireland schools faced network outages. Treasury launched crypto threat sharing, the NCA froze $12 million in scam proceeds, and NIST advanced AI risk guidance for critical infrastructure operators amid rising supplier and mobile exposure.