Friday, November 14, 2025
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 12-11-2025 to 14-11-2025 (UTC)

Snapshot Summary

Sector / Section                 Headline Highlights                    Count
DFIR & Incident Response         Synnovis probe and Ingram IR           2
Cyber Investigations             Police tackle online extortion         2
Major Cyber Incidents            Washington Post and NHS breaches       2
Exploits & Threat Intelligence   Akira, WatchGuard, Dell exposures      4
Law Enforcement                  Extortion sentencing and RAT arrest    3
Policy                           UK Cyber Resilience Bill advances      2
Standards & Compliance           NIST mapping and AI governance         3

Digital Forensics & Incident Response

Synnovis confirms scope of London NHS ransomware fallout — On 13-11-2025, pathology provider Synnovis reported that personal data stolen during the June 2024 Qilin ransomware attack affected patients across multiple London hospital trusts after a year-long forensic reconstruction of fragmented systems (13-11-2025) [EU]. The case highlights how complex healthcare environments can prolong incident response, complicate patient notification, and raise regulatory exposure under GDPR, underscoring the need for robust backups and structured data management in hospital networks (Source: SecurityWeek, 13-11-2025).

Inside the Ingram Micro ransomware attack: lessons for zero trust — On 13-11-2025, analysis of the Ingram Micro ransomware incident detailed how attackers moved laterally inside the global distributor’s environment before being contained, triggering a major business disruption (13-11-2025) [Global]. The write-up stresses that earlier detection, tighter identity controls and zero-trust segmentation are critical for DFIR teams seeking to limit blast radius and preserve forensic visibility in large hybrid infrastructures (Source: SecurityBoulevard, 13-11-2025).

Cyber Investigations

Canadian police investigation disrupts online sextortion scheme — Thunder Bay Police reported on 14-11-2025 that their Cyber Crime Unit’s months-long investigation into an online extortion case led to the arrest of a local suspect accused of coercing a remote victim for explicit images (14-11-2025) [AMER]. The case underlines how local forces are building specialist digital forensics capability to trace cross-jurisdictional offenders, preserve online evidence and support victim-centred investigations into technology-enabled abuse (Source: Thunder Bay Police Service, 14-11-2025).

Singapore Police probe transnational scam and cyber offences — On 13-11-2025, Singapore’s police detailed investigations that led to two men being deported from Thailand and Cambodia to face charges including abetment to unauthorised access to computer material in large-scale scam operations (13-11-2025) [APAC]. The case illustrates growing regional collaboration on digital evidence sharing and the need for investigators to track financial flows, infrastructure and compromised accounts across borders when dismantling scam-as-a-service networks (Source: Singapore Police Force, 13-11-2025).

Major Cyber Incidents

Washington Post confirms breach exposing staff records — On 14-11-2025, the Washington Post disclosed that a targeted attack linked to the Clop ransomware group exposed sensitive personal data of nearly 10,000 current and former employees and contractors after compromising a third-party system (14-11-2025) [AMER]. The incident reinforces the risk of supply-chain breaches for media organisations and highlights the need for DFIR teams to monitor third-party access, tighten vendor security requirements and prepare communication plans for high-profile data leaks (Source: Computing, 14-11-2025).

NHS named in Clop campaign exploiting Oracle zero-days — Reporting on 13-11-2025 revealed that the Clop ransomware gang has listed the UK National Health Service among more than 40 organisations allegedly compromised via Oracle E-Business Suite zero-day exploits, although no NHS data has yet been leaked (13-11-2025) [EU]. For defenders, the campaign underscores how enterprise ERP platforms are becoming high-value targets and why rapid patching, detailed logging and cross-system forensic correlation are essential when zero-day supply-chain attacks surface (Source: GovInfoSecurity, 13-11-2025).

Exploits & Threat Intelligence

CISA and partners update #StopRansomware advisory on Akira — On 13-11-2025, CISA and international partners issued an updated advisory on Akira ransomware, adding new tactics including encryption of Nutanix AHV virtual machine disks and exploitation of CVE-2024-40766 to expand beyond VMware ESXi and Hyper-V (13-11-2025) [Global]. The update gives DFIR teams fresh indicators, playbook guidance and mitigations for defending mixed-hypervisor environments and highlights how rapidly ransomware operators pivot tooling across on-prem and cloud workloads (Source: CISA, 13-11-2025).

NHS warns on exploitation of WatchGuard Firebox OS flaw — An NHS cyber alert on 13-11-2025 warned UK health organisations that a critical WatchGuard Firebox OS vulnerability is being actively exploited in the wild, urging urgent application of vendor updates and configuration hardening (13-11-2025) [EU]. For security teams managing edge firewalls and VPN gateways, the alert reinforces the need for continuous monitoring of management interfaces, tight access controls and rapid patch pipelines for perimeter devices (Source: NHS Digital, 13-11-2025).

Critical Dell Data Lakehouse vulnerability enables remote code execution — On 13-11-2025, Dell disclosed DSA-2025-375, a critical remote code execution issue in Dell Data Lakehouse that can be exploited in certain high-privilege deployment scenarios, with remediation requiring upgrade to version 1.6.0.0 or later (13-11-2025) [AMER]. Organisations using the platform for analytics should treat patching as a priority and ensure DFIR teams understand where sensitive datasets reside, as exploitation could lead to stealthy manipulation or exfiltration of large data lakes (Source: CyberPress, 13-11-2025).

Imunify360 flaw exposes millions of Linux web servers — Research published on 14-11-2025 describes a critical vulnerability in the Imunify360 security suite that could allow attackers to bypass protections and hijack shared hosting environments, with limited public guidance so far from the vendor (14-11-2025) [Global]. Because Imunify360 protects many cPanel and hosting provider platforms, DFIR and threat-intel teams should track exploit attempts, pressure suppliers for patches and prepare for multi-tenant compromises affecting large volumes of small websites (Source: GBHackers, 14-11-2025).

Law Enforcement

US student sentenced for large-scale cyber extortion campaign — On 13-11-2025, the US Department of Justice reported that a Worcester college student was sentenced to four years in prison after hacking multiple organisations, stealing millions of records and using the data to extort victims, causing an estimated 14 million dollars in damages (13-11-2025) [AMER]. The case demonstrates how aggressive charging decisions and detailed digital forensics can convert complex intrusion and extortion schemes into successful prosecutions that may deter would-be copycats (Source: US DoJ, 13-11-2025).

Alleged VenomRAT author arrested in Athens — Greek police announced on 14-11-2025 the arrest of a 38-year-old Albanian man in Athens, alleged to be the creator and seller of the VenomRAT malware used to steal credentials and cryptocurrency from hundreds of thousands of infected systems worldwide (14-11-2025) [EU]. The arrest, part of Europol’s Operation Endgame, shows how coordinated international investigations can not only seize infrastructure but also target developers behind remote-access tools that underpin many intrusion and fraud campaigns (Source: Reuters, 14-11-2025).

RCMP highlights Canadian role in Operation Endgame takedowns — On 13-11-2025, the Royal Canadian Mounted Police detailed how its cybercrime investigative team helped dismantle criminal infrastructure during Operation Endgame, contributing to the takedown or disruption of more than 1,000 servers and seizure of 20 domains supporting multiple malware families (13-11-2025) [AMER]. The operation underlines the importance for law-enforcement-adjacent DFIR teams to share telemetry, host data and malware analysis with cross-border task forces to enable coordinated strikes against resilient criminal ecosystems (Source: RCMP, 13-11-2025).

Policy

New UK cyber rules tighten oversight of tech suppliers and data centres — On 14-11-2025, legal analysis outlined how the UK’s proposed Cyber Security and Resilience Bill will impose tougher obligations and ICO oversight on medium and large IT, cybersecurity and data-centre providers serving critical sectors, including the NHS (14-11-2025) [EU]. DFIR and security leaders in managed service firms will need to evidence stronger controls, align with NCSC guidance and prepare for enhanced regulatory scrutiny of incident handling and client notification practices (Source: Pinsent Masons, 14-11-2025).

UK Cyber Resilience Bill aims to raise baseline for critical infrastructure — Reporting on 13-11-2025 explains that the UK Cyber Resilience Bill, now before parliament, extends NIS-style obligations to OT suppliers and managed service providers while enabling stronger penalties and emergency government powers for serious cyber incidents (13-11-2025) [EU]. For operators of essential services, the proposal signals a shift toward more prescriptive resilience obligations, making proactive risk assessments, incident exercises and supply-chain assurance programmes increasingly non-negotiable (Source: Industrial Cyber, 13-11-2025).

Standards & Compliance

NIST updates mapping between ISO/IEC 27001:2022 and CSF 2.0 — On 13-11-2025, NIST’s OLIR catalogue entry for mapping ISO/IEC 27001:2022 to the NIST Cybersecurity Framework 2.0 was updated, refining how control requirements align with the framework’s functions and categories (13-11-2025) [AMER]. Compliance and DFIR teams can use the refreshed mapping to harmonise audits, risk reporting and incident-response requirements across international standards, reducing duplication when evidencing security posture to regulators and customers (Source: NIST CSRC, 13-11-2025).

New guide summarises 2025 cybersecurity standards landscape — An 11-11-2025 practitioner guide reviews key cybersecurity frameworks and standards, grouping them into technical, organisational and legal categories to help organisations design layered control environments (11-11-2025) [Global]. For CISOs and compliance leads, the overview offers a useful checklist when mapping DFIR processes, logging requirements and supplier expectations against overlapping standards such as NIST CSF, ISO 27001 and sector-specific regulations (Source: Auditive.io, 11-11-2025).

Guidance highlights AI risk management duties for local authorities — On 12-11-2025, commentary for UK local government lawyers outlined governance steps councils should take to manage AI risks, stressing data protection, cybersecurity controls and accountability when deploying AI-enabled services (12-11-2025) [EU]. For public-sector DFIR and risk teams, the piece reinforces that AI projects must be embedded into existing assurance, logging and incident-handling frameworks rather than treated as separate experimental systems (Source: Local Government Lawyer, 12-11-2025).

Editorial Perspective

This 48-hour window reinforces how tightly incident response, law enforcement and regulation are now intertwined. Healthcare and media breaches, from Synnovis to the Washington Post, show that long-tail forensics and third-party failures can keep DFIR teams busy long after the initial headlines fade.

At the same time, Operation Endgame arrests and regional sextortion investigations demonstrate that well-structured digital evidence can translate directly into meaningful prosecutions. For practitioners, that means logging, chain-of-custody discipline and clear documentation are no longer optional overheads but core enablers of public-interest outcomes.

Finally, the UK Cyber Resilience Bill and NIST’s refreshed mappings underline a shift toward more prescriptive expectations on resilience and reporting across sectors. Teams that integrate threat-intelligence updates like Akira with evolving standards and policy requirements will be best placed to defend critical services and prove it when regulators and courts come calling.

Tags

DFIR, ransomware, Akira ransomware, Synnovis, Washington Post breach, Operation Endgame, cyber resilience bill, NIST CSF 2.0, ICS security
