CISA added five newly exploited vulnerabilities to KEV as Cisco warned more Catalyst SD-WAN flaws are under active attack. Europol seized LeakBase and disrupted Tycoon 2FA, while Passaic County reported a malware outage and LexisNexis confirmed a data breach. Google challenged geofence warrants, and draft Cyber Resilience Act guidance signalled tougher product-security expectations for vendors and defenders globally this week.

UK NCSC urged organisations to tighten monitoring amid Middle East spillover risks, while Cloudflare reported session-token abuse. AkzoNobel confirmed a breach at a U.S. site after an extortion leak claim, and Russian government portals suffered a multi-vector DDoS. CISA warned VMware Aria Operations is being exploited, and California’s privacy regulator fined PlayOn Sports $1.1M. Supreme Court heard geofence warrant challenge.

CISA updated hunting guidance for RESURGE malware lingering on Ivanti appliances, while Juniper warned of a critical PTX router takeover flaw. Reuters tracked cyber operations hitting Iranian apps and sites after strikes, as Sophos monitored Iran-linked hacktivist claims. In the US, UH Cancer Center reported SSN exposure affecting up to 1.15 million people. Substack disclosed stolen emails and phone numbers.

Joint NSA-partner guidance and an NHS alert urge urgent hunting and hardening for actively exploited Cisco Catalyst SD-WAN flaws. Dutch telco Odido reports attackers publishing stolen customer data, while ManoMano notifies 38 million users after a third-party breach. Trend Micro patched critical Apex One console RCE. DOJ says scam-center crypto freezes exceeded $580m. EU advanced an undersea cable protection plan.

Australia’s ACSC released Azul, an open-source malware analysis tool, as defenders tracked vishing-driven access at Optimizely and extortion claims hitting Wynn Resorts and Air Côte d’Ivoire. Researchers detailed a GitHub Copilot prompt-injection chain and an NPM supply-chain campaign dubbed Sandworm_Mode. Spain arrested Anonymous Fénix suspects, while U.S. Treasury sanctioned a bulletproof hosting provider. NIST updated CSF guidance; CarGurus disclosed breach.