Microsoft fixed an exploited SharePoint zero-day among 165 flaws, Adobe patched critical Acrobat bugs, and Basic-Fit disclosed a breach affecting about one million members. Investigators traced mailbox compromises hitting Ukrainian prosecutors, while authorities froze stolen cryptocurrency in Operation Atlantic. Regulators and central bankers also escalated scrutiny of Anthropic’s Claude Mythos Preview and its cybersecurity implications for financial stability and resilience.

This DFM 48-hour roundup tracks the European Commission cloud breach linked to the Trivy supply-chain compromise, emergency Adobe Reader zero-day patching, healthcare disruption at Signature Healthcare, UNC6783 targeting outsourced support functions, Operation Atlantic freezing more than $12 million tied to crypto fraud, and new policy movement on enterprise connected device security and EU digital wallet certification efforts.

Ransomware at ChipSoft disrupted Dutch hospitals, while Signature Healthcare diverted ambulances after a cyberattack. UK authorities linked router hijacking to a Russian military unit, and Northern Ireland schools faced network outages. Treasury launched crypto threat sharing, the NCA froze $12 million in scam proceeds, and NIST advanced AI risk guidance for critical infrastructure operators amid rising supplier and mobile exposure.

CISA, FBI and NSA warned that Iranian-linked actors are targeting internet-connected PLCs in U.S. critical infrastructure, while a Massachusetts hospital diverted ambulances after a cyberattack. Investigators tracked cloud data theft to abused authentication tokens after a SaaS integrator breach, and the DOJ disrupted a GRU-linked DNS hijacking botnet as NIST advanced an AI risk profile for critical infrastructure operators broadly.

This edition tracks a cloud-breach attribution at the European Commission, emergency remediation for actively exploited FortiClient EMS systems, and CISA action on a TrueConf flaw. It also covers a cyberattack on a Massachusetts emergency communications centre, Microsoft’s warning on fast-moving Medusa intrusions, and Cambodia’s new cybercrime law aimed at scams, laundering, recruitment, and illicit data handling.