Over the past 48 hours, DFIR teams have faced escalating ransomware, supply-chain breaches and state-backed backdoors, while regulators and law enforcement push back with major takedowns and new AI-OT guidance. From European crypto-fraud raids to Asia-Pacific “digital arrest” scams and North American data leaks, the roundup tracks evolving attacker playbooks and practical defensive priorities for security leaders and incident responders.

Ransomware-hit fintechs, leaked university staff records and a massive Coupang customer data exposure headline this 48-hour DFM roundup. Investigators crack camera-hacking and “digital arrest” scams, while Akira and other gangs push fresh victims onto leak sites. Meanwhile governments tighten ransomware and CRA policy, and insecure consumer apps spill highly sensitive personal data worldwide, raising pressure on boards, regulators and responders.

In this 48-hour roundup we track insider-driven mega breaches, disrupted court and logistics systems, and fresh leaks from healthcare and consumer apps. New OT and backend vulnerabilities join the KEV list, while Europol’s Cryptomixer takedown and UK ransomware-reporting plans show growing pressure on the criminal business model and on unprepared boards, demanding faster, evidence-led response and genuinely risk-based cyber governance.

A global surge in third-party breaches, emergency-service outages, and supply-chain malware defined this 48-hour cycle. OpenAI’s Mixpanel incident, Asahi’s major data leak, and widespread disruptions at London councils and CodeRED highlight escalating systemic risk. New exploits, regulatory actions, and ISO-27001 advances reinforce the need for evidence-ready DFIR processes, developer-pipeline security, and stronger vendor oversight.

The latest 48 hours saw coordinated attacks on London councils, a breach at Harvard, and ransomware disrupting US emergency alerts. Industrial firm Balkrishna Paper Mills and major banking vendor SitusAMC also reported compromises. Active exploitation of a FortiWeb zero-day, a revived npm worm campaign, and a huge Android fiction-app data leak round out a high-impact period.