Ransomware disrupted University of Mississippi Medical Center clinics while Japan’s Advantest investigated a network intrusion. CISA warned BeyondTrust CVE-2026-1731 is exploited in ransomware, and a critical Grandstream VoIP flaw enables root RCE. PayPal reported customer-data exposure from an application error, and an Android AI media editor leaked millions of files, alongside indictments for ATM jackpotting.

Attackers are cutting response windows: Unit 42 cites cases reaching data exfiltration in 72 minutes. Figure Technology Solutions confirmed a breach tied to leaked user records, while Meriden, Connecticut reported ransomware disruption. Mandiant warned of active exploitation of a Dell RecoverPoint for VMs zero-day, and the UK ICO prevailed in the DSG Retail appeal, sharpening expectations for “appropriate security” practice.

China-linked actors exploited a Dell RecoverPoint zero-day for 18 months, while CISA added an actively exploited Chrome flaw to its KEV catalog. Australia’s YouX faced a major data-leak claim, and passport scans from Abu Dhabi Finance Week were exposed via a vendor server. Police arrested a Phobos ransomware suspect in Poland, as the UK launched a business cyber-hygiene campaign nationwide.

Google patched an in-the-wild Chrome zero-day while GreyNoise tied most Ivanti RCE probing to a single bulletproof-hosted IP. Canada Goose investigated a 600k-record leak claim as Dutch telco Odido faced exposure fallout. Police in Thailand and India targeted mule accounts, and the EDPB addressed spyware abuse. PCI SSC opened comments and CERT-EU issued a CTI framework for EU institutions today.

Over the past 48 hours, CISA added four exploited vulnerabilities to the KEV catalog and issued an ICS advisory on Siemens SINEC NMS. Odido confirmed a customer data leak, while SmarterTools disclosed ransomware after an auth-bypass on an unpatched VM. Researchers flagged active exploitation of a critical BeyondTrust RCE and reported nation-state use of Google Gemini for campaigns this week.