Thursday, December 4, 2025
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 11-10-2025 to 13-10-2025 (UTC)

Snapshot Summary

| Sector / Section               | Headline Highlights                                             | Count |
|--------------------------------|-----------------------------------------------------------------|-------|
| DFIR & Incident Response       | Healthcare ransomware trend; Texas city restores services       | 2     |
| Cyber Investigations           | NY smishing probe; municipal attack inquiry                     | 2     |
| Major Cyber Incidents          | Qantas data leak; Sugar Land network breach                     | 2     |
| Exploits & Threat Intelligence | Gladinet zero-day exploited; Apple raises bounties              | 2     |
| Law Enforcement                | FBI warns on smishing; Texas authorities coordinate response    | 2     |
| Policy                         | Germany holds line on chat scanning; EU debate looms            | 1     |
| Standards & Compliance         | CISA KEV updates guidance context; NIS2 tracking resource       | 2     |

Digital Forensics & Incident Response

Sugar Land works to restore services after network breach — The City of Sugar Land, Texas reported a cyber breach that disrupted phones, internet and online payments, triggering a multi-agency incident response and temporary suspension of late fees (13-10-2025) [US]. Municipal IR teams should validate backups, segment affected networks, and coordinate public communications to reduce disruption and fraud exposure (Source: Houston Chronicle, 13-10-2025).

Report: healthcare ransomware up 30% with vendor pivot — New analysis shows a 30% surge in healthcare ransomware in 2025, with attackers increasingly compromising third-party vendors and service partners to reach hospital networks (13-10-2025) [Global]. IR teams should expand supplier playbooks, rehearse third-party breach containment, and tighten data-sharing controls across clinical ecosystems (Source: Industrial Cyber, 13-10-2025).

Cyber Investigations

New York smishing campaign impersonates tax authority — Authorities and researchers are tracking texts promising bogus “inflation refunds” to steal personal and financial data from New Yorkers (12-10-2025) [US]. DFIR teams should collect SMS headers and hosting artifacts, enrich with ISP requests, and push rapid takedowns to limit victimization at scale (Source: BleepingComputer, 12-10-2025).

Investigators probe Texas municipal network disruption — A Houston-area suburb reported service outages tied to a cyberattack, with inquiries spanning local to federal partners as systems are restored (11-10-2025) [US]. Case development highlights the need for preserved logs, chain-of-custody for volatile data, and coordinated evidence sharing across agencies (Source: The Record, 11-10-2025).

Major Cyber Incidents

Qantas confirms customer data posted after July breach — Qantas said cyber criminals released customer information months after a July intrusion linked to a third-party platform, affecting frequent flyer details but not payment data (12-10-2025) [AU]. Airlines and travel operators should expect surge phishing against exposed passengers and tighten vendor access reviews (Source: Reuters, 12-10-2025).

Australia warns of scams after Qantas data appears online — The government urged vigilance as Qantas customers’ names, contact details and loyalty numbers were circulated on criminal forums following the earlier breach (13-10-2025) [AU]. The incident underscores post-breach harm minimisation: identity monitoring, credential resets and customer fraud education (Source: The Guardian, 13-10-2025).

Exploits & Threat Intelligence

Attackers exploit Gladinet CentreStack/Triofox zero-day — Threat actors are actively exploiting an authentication-bypass flaw (CVE-2025-11371) in Gladinet file-sharing products; mitigations are available while patches are pending (10-10-2025) [Global]. Asset owners should identify exposed instances, apply vendor guidance, review access logs for indicators, and isolate compromised nodes (Source: BleepingComputer, 10-10-2025).

Apple doubles top bounty to $2M for zero-click RCE — Apple increased maximum payouts in its security bounty programme, elevating rewards for zero-click remote code execution to incentivise responsible disclosure (11-10-2025) [Global]. Higher payouts can shift exploit economics and encourage earlier reporting, giving defenders more time to patch high-impact bugs (Source: BleepingComputer, 11-10-2025).

Law Enforcement

Officials flag ‘inflation refund’ smishing targeting New York — Law enforcement and state agencies warned residents about texts impersonating the Department of Taxation and Finance to harvest PII and payment data (12-10-2025) [US]. Public-private reporting channels and rapid domain takedowns are key to curbing campaign reach and supporting victim remediation (Source: BleepingComputer, 12-10-2025).

Texas agencies coordinate response to city cyberattack — Following a municipal network intrusion, state and federal partners engaged to restore services and assess potential criminal activity (11-10-2025) [US]. Cross-jurisdictional collaboration illustrates how fusion centres and MOU frameworks accelerate evidence handling and threat disruption (Source: The Record, 11-10-2025).

Policy

Germany signals opposition to EU ‘chat control’ scanning — German officials reaffirmed they will not support proposals requiring client-side scanning of private messages as EU talks near a decision point (09-10-2025) [EU]. The stance underscores encryption’s policy salience for defenders and may shape compliance expectations for messaging providers operating in Europe (Source: TechRadar, 09-10-2025).

Standards & Compliance

CISA KEV catalog: check newly added exploited CVEs — CISA’s KEV remains the authoritative list of actively exploited vulnerabilities; recent additions reinforce patch-prioritisation for enterprise risk reduction (updated 06-10-2025 and 07-10-2025) [US]. Map KEV items to your asset inventory and SLAs to ensure time-bound remediation aligned with agency or sector deadlines (Source: CISA, 07-10-2025).
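One way to do that mapping, as an added example that is not from the magazine or from CISA: a Python triage pass over a constructed KEV-style feed and a constructed asset inventory. The KEV field names are the catalog's real ones; the entries, due dates and hostnames are made-up sample values.

```python
"""Triage CISA KEV entries against an asset inventory (added example)."""
from datetime import date

# Constructed sample in the shape of the CISA KEV JSON feed: field names match the
# catalog, but every entry, date and ransomware flag here is a made-up sample value.
KEV_SAMPLE = {
    "vulnerabilities": [
        {"cveID": "CVE-2025-11371", "vendorProject": "Gladinet", "product": "CentreStack",
         "dateAdded": "2025-10-07", "dueDate": "2025-10-28", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-00001", "vendorProject": "ExampleCorp", "product": "WidgetServer",
         "dateAdded": "2025-09-01", "dueDate": "2025-09-22", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2025-00002", "vendorProject": "OtherVendor", "product": "NotInstalled",
         "dateAdded": "2025-10-06", "dueDate": "2025-10-27", "knownRansomwareCampaignUse": "Unknown"},
    ]
}

# Constructed inventory: one row per deployed product, named the way KEV names vendor/product.
INVENTORY = [
    {"asset": "files01.example.local", "vendor": "Gladinet", "product": "CentreStack"},
    {"asset": "files02.example.local", "vendor": "gladinet", "product": "centrestack"},
    {"asset": "app02.example.local", "vendor": "ExampleCorp", "product": "WidgetServer"},
]

def _norm(s):
    """Case- and whitespace-insensitive key so inventory spelling variants still match."""
    return s.strip().lower()

def kev_triage(kev_doc, inventory, today_iso):
    """Return one row per (asset, KEV CVE) match, most urgent first."""
    today = date.fromisoformat(today_iso)
    installed = {}
    for a in inventory:
        installed.setdefault((_norm(a["vendor"]), _norm(a["product"])), []).append(a["asset"])
    rows = []
    for v in kev_doc["vulnerabilities"]:
        key = (_norm(v["vendorProject"]), _norm(v["product"]))
        if key not in installed:
            continue  # KEV entry for software we do not run
        due = date.fromisoformat(v["dueDate"])
        for asset in installed[key]:
            rows.append({
                "asset": asset,
                "cve": v["cveID"],
                "days_left": (due - today).days,  # negative means past the KEV due date
                "overdue": due < today,
                "ransomware": v["knownRansomwareCampaignUse"] == "Known",
            })
    # Order: already overdue, then ransomware-linked, then soonest due date.
    rows.sort(key=lambda r: (not r["overdue"], not r["ransomware"], r["days_left"]))
    return rows

if __name__ == "__main__":
    for r in kev_triage(KEV_SAMPLE, INVENTORY, "2025-10-13"):
        print(r)
```

Against a live feed, replace KEV_SAMPLE with the parsed catalog JSON and INVENTORY with an export from your CMDB; the sort order then gives the remediation queue in SLA order.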

EU NIS2 transposition tracker for compliance planning — ECSO’s live tracker aggregates Member State progress on implementing NIS2, helping organisations anticipate national obligations and deadlines (accessed 13-10-2025) [EU]. Use it to align board-level accountability, incident reporting thresholds, and supplier controls across jurisdictions (Source: ECSO, 2025).

Editorial Perspective

This cycle shows how third-party exposure and consumer-facing smishing amplify harm long after an initial breach. Qantas’ data release will likely fuel targeted scams, raising the stakes for rapid takedowns and customer education.

On the enterprise side, active exploitation of a Gladinet zero-day reinforces the need for external asset discovery and emergency patch paths, not just scheduled cycles. Municipal incidents in Texas echo a persistent theme: thinly resourced IT, critical services at risk.

Finally, Germany’s resistance to client-side scanning keeps encryption front-and-centre; defenders should watch for compliance divergence across the EU and prepare for varying reporting and monitoring demands.

Tags

DFIR, ransomware, data breach, smishing, zero-day, incident response, NIS2, KEV, vendor risk, Apple bug bounty
