Active exploitation of SolarWinds Web Help Desk led to Velociraptor deployment, while the European Commission investigated a breach in its mobile device management environment. Singapore detailed a coordinated telco response to UNC3886. CISA added six known-exploited vulnerabilities, and Microsoft patched six exploited zero-days. BeyondTrust disclosed an unauthenticated RCE. Courts sentenced a fugitive tied to a $73M pig-butchering scheme in absentia.

European Commission contained suspicious activity against its device management platform, while reports highlighted CERT-EU indicators on infrastructure. Microsoft warned of active exploitation of SolarWinds Web Help Desk flaws. Singapore’s telco sector investigated an alleged state-linked intrusion as Winter Olympics services faced disruption attempts. UK authorities examined cyber-sanctions compliance and NIS bill progress, and Substack and Coupang disclosed user data exposure.

CISA ordered U.S. agencies to remove unsupported edge devices as active exploitation of a GitLab flaw continues. Romania’s Conpet reported a cyberattack disrupting systems, while Flickr warned of member data exposure via a third-party email provider. The UK ICO opened investigations into X and xAI over Grok, as the European Commission advanced a cybersecurity package and NIST sought draft comments.

CISA warned on Avation Light Engine Pro OT risk as CERT-FR prioritised weekly patches. Investigators tracked Notepad++ updater hijacking and coercive Scattered Lapsus ShinyHunters tactics. Major incidents included Coinbase contractor misuse, NationStates breach downtime, and an Iron Mountain data-theft claim. CISA added SolarWinds Web Help Desk RCE to KEV while Metro and Office exploits circulated across Europe, Americas, and APAC.

Ivanti Endpoint Manager Mobile zero-days drove urgent patching and forensic hunts, while US authorities seized the RAMP cybercrime forum and forfeited $400M tied to crypto laundering. Major incidents disrupted US municipal services, hosting infrastructure, and fintech platforms. Policy moved with a UK–Japan cyber partnership, alongside standards updates shaping vulnerability disclosure, random number generation assurance, and compliance expectations globally.