
🔍 Digital Forensics & Incident Response Insights
- BadCam: weaponizing Linux webcams via BadUSB for persistence: Eclypsium researchers show how firmware on common Lenovo-branded webcams can be reflashed to survive reboots and OS reinstalls—raising DFIR stakes around peripheral imaging and chain-of-custody.
No additional DFIR tool/advisory items from credible sources published in the last 48 hours.
⚠️ Exploits & Threat Intelligence
- Google Calendar invite quirk let researchers hijack Gemini agents: Crafted Calendar invites could steer agent workflows and leak data; Google says the issue is fixed—good reminder to review agent integrations and third-party triggers.
No additional new CVE/advisory releases in the last 48 hours.
🌐 Major Cyber Incidents
- Marks & Spencer restores click-and-collect 15 weeks after hack: UK retailer says services are back online; investigation continues following spring ransomware that also drew police arrests in July.
No other major confirmed breaches with fresh public details in the last 48 hours.
👮‍♂️ Law Enforcement Updates
No new global takedowns, arrests, or charges published by reputable agencies/outlets in the last 48 hours.
🏛️ Policy Updates
No new policy/regulatory moves in the last 48 hours.
📜 Standards & Compliance
No new standards/framework releases or urgent compliance advisories in the last 48 hours.
📊 Snapshot Summary
| Section | Highlight | Why it matters |
|---|---|---|
| DFIR & IR | Peripheral firmware persistence via BadCam | Expand evidence collection to USB peripherals; consider firmware imaging. |
| Threat Intel | Agentic workflows steered via Calendar invites | Review automations; restrict third-party triggers and data scopes. |
| Major Incidents | M&S restores services after prolonged outage | Retail ops recovery timelines and comms are still under the microscope. |
📝 Editorial Perspective
- DFIR scope keeps widening: peripherals and firmware need playbook coverage, not just endpoints and servers.
- Agent/security-assistant features introduce new supply-chain-like trust edges—govern triggers and data paths.
- Incident recovery transparency (like M&S) is becoming part of brand resilience; track milestones as well as root cause.
