Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | Patch Tuesday surge; Acrobat fixes | 2 |
| Cyber Investigations | Ukraine mailbox spying; Sweden probe | 2 |
| Major Cyber Incidents | Basic-Fit breach; RCI exposure | 2 |
| Exploits & Threat Intelligence | Triad laundering; JanaWare targeting | 2 |
| Law Enforcement | Crypto freezes; OneCoin restitution | 2 |
| Policy | Mythos scrutiny accelerates | 2 |
| Standards & Compliance | NIST drafts; EU certification | 2 |
| Consumer App Data Leaks | Booking exposure; Meta scraping suit | 2 |
Digital Forensics & Incident Response
[AMER] Microsoft’s April Patch Tuesday fixed 165 vulnerabilities, including an in-the-wild SharePoint zero-day, making this one of the largest monthly security releases of the year and forcing responders to re-prioritise internet-exposed collaboration servers immediately. For DFIR teams, the combination of active exploitation and broad patch volume raises the chance of missed edge cases, so validation, hunting for pre-patch access, and rapid exception tracking matter as much as deployment speed. (Source: SecurityWeek, 14-04-2026)
[AMER] Adobe released APSB26-44 for Acrobat and Reader on Windows and macOS, addressing critical and important flaws that could enable arbitrary code execution or arbitrary file system read through widely used document workflows. Even without confirmed exploitation for this bulletin, the attacker utility of malicious PDF delivery keeps this squarely in incident response scope, especially for organisations that ingest external documents at scale or investigate email-borne intrusion chains. (Source: Adobe, 14-04-2026)
Cyber Investigations
[EMEA] Reuters reported that Russia-linked hackers compromised more than 170 Ukrainian prosecutors’ and investigators’ email accounts, with exposed logs reviewed by researchers indicating at least 284 inbox intrusions across Ukraine and nearby states between September 2024 and March 2026. The case matters because leaked operator data gives defenders and investigators a rare view into espionage tradecraft, victim selection and possible counter-corruption targeting, making it valuable both for attribution work and legal evidence preservation. (Source: Reuters, 15-04-2026)
[EMEA] Sweden disclosed that a pro-Russian group attempted to disrupt a western Swedish thermal power plant in spring 2025, and officials said the actor was identified as having links to Russian intelligence and security services. Although the attack failed and the investigation is no longer open, the delayed public confirmation is significant for investigators because it underlines the evidentiary lag often seen in hybrid-attack attribution and the value of preserving industrial logs long after containment. (Source: Reuters, 15-04-2026)
Major Cyber Incidents
[EMEA] Basic-Fit, Europe’s largest gym chain, said a breach affected roughly one million members, with stolen data including names, contact details, dates of birth and in some cases bank account information across several European countries. For defenders, this is a reminder that consumer-facing membership platforms remain high-value aggregation points where rapid disclosure, jurisdiction-aware notification, and fraud monitoring have to move in parallel once exfiltration is confirmed. (Source: SecurityWeek, 14-04-2026)
[AMER] RCI Hospitality disclosed a cyber incident tied to an insecure direct object reference weakness in an IIS web server, with unauthorised access exposing sensitive data belonging to numerous independent contractors rather than customers or core financial systems. The incident matters because it shows how a comparatively basic application-logic flaw can still trigger material breach handling, identity-risk exposure, and difficult questions over whether unauthorised access stemmed from malicious abuse or disputed vulnerability discovery. (Source: SecurityWeek, 14-04-2026)
Exploits & Threat Intelligence
[APAC] Security researchers said the Triad Nexus network has evaded earlier sanctions by laundering infrastructure through front companies and geo-fenced operations, while continuing to underpin pig-butchering scams, money laundering and related criminal services with losses exceeding $200 million. This matters to threat intelligence teams because sanctions pressure alone is not collapsing abusive backend ecosystems, so defenders need better infrastructure clustering, provider engagement and entity-resolution work to spot recycled criminal hosting before it is reused. (Source: SecurityWeek, 14-04-2026)
[EMEA] The Record detailed JanaWare, a ransomware strain focused on Turkish residents and businesses, using phishing-delivered Java malware, Turkish-language ransom notes, and locale plus geolocation checks to stay tightly scoped and harder for outside researchers to analyse. The campaign is important because it shows how lower-ransom, regionalised operations can persist below the global noise floor, meaning threat teams should watch for country-specific tooling, language gates and small-loss clusters that may otherwise escape escalation. (Source: The Record, 14-04-2026)
Law Enforcement
[AMER] Authorities in the United States, United Kingdom and Canada said Operation Atlantic identified more than $45 million in stolen cryptocurrency and froze about $12 million connected to large-scale crypto theft schemes. For cybercrime investigators, the action highlights how cross-border asset tracing is becoming more operationally central, with rapid wallet identification and freeze coordination now just as important as arrest activity in disrupting online fraud economies. (Source: SecurityWeek, 13-04-2026)
[AMER] The U.S. Department of Justice opened a compensation process for victims of the OneCoin fraud, saying more than $40 million in forfeited assets is available for people who bought the fake cryptocurrency between 2014 and 2019. The move matters because it shows mature cyber-enabled fraud cases increasingly extending beyond prosecution into restitution workflows, creating fresh evidentiary and victim-notification demands for investigators, analysts and support teams. (Source: U.S. Department of Justice, 13-04-2026)
Policy
[EMEA] Reuters reported that UK financial regulators, the Treasury and the National Cyber Security Centre were in urgent talks with major banks and market participants about cyber risks posed by Anthropic’s latest model, Claude Mythos Preview. The policy significance is immediate: supervisory attention is shifting from abstract AI governance to concrete operational resilience questions, which means firms may need faster pathways for model-risk escalation, third-party assurance and sector-wide defensive coordination. (Source: Reuters, 12-04-2026)
[EMEA] Bank of England Governor Andrew Bailey said regulators must quickly understand the implications of Anthropic’s new model, warning that its ability to identify exploitable weaknesses could create major cybersecurity dangers for critical financial systems. That comment matters because it signals a higher regulatory baseline for AI-enabled cyber risk, likely pushing boards and resilience teams to treat offensive-capability testing and vulnerability-discovery acceleration as near-term governance issues rather than future strategy debates. (Source: Reuters, 14-04-2026)
Standards & Compliance
[AMER] NIST released the latest draft of CSWP 50, “Small Business Cybersecurity: Non-Employer Firms,” opening comments through 14 May and updating long-running guidance for the smallest organisations using the Cybersecurity Framework 2.0. The draft is useful beyond microbusinesses because it gives consultants, insurers and compliance teams a cleaner baseline for right-sized controls, helping reduce the gap between enterprise frameworks and the realities of low-complexity environments. (Source: NIST, 14-04-2026)
[EMEA] ENISA’s 2026 European Cybersecurity Certification Conference opened in Cyprus with a programme centred on certification as Europe’s trust backbone, including sessions on CSA2 and the evolving European cybersecurity certification framework. For compliance teams, the timing is important because it shows certification moving from policy concept toward implementation detail, which will shape product claims, procurement language and preparedness for future EU assurance expectations. (Source: ENISA, 15-04-2026)
Consumer App Data Leaks
[EMEA] Booking.com said unauthorised third parties accessed some guests’ reservation-linked information, including names, email addresses, phone numbers and details shared with accommodation providers, although it said financial data was not exposed and the issue was contained. The breach is especially relevant for consumer-risk teams because travel data supports convincing follow-on phishing and social engineering, turning even limited reservation exposure into a broader fraud problem across channels. (Source: SecurityWeek, 13-04-2026)
[EMEA] A Milan court accepted a class action against Meta over the Facebook scraping incident disclosed in 2021, with the consumer group seeking compensation tied to the theft of personal data affecting around 533 million users globally. Although the underlying exposure is older, the ruling matters now because it shows privacy harm from mass scraping continuing to generate legal and compensation risk, keeping historical data security failures operationally relevant for platform providers. (Source: Reuters, 14-04-2026)
Editorial Perspective
This cycle’s strongest pattern is acceleration: patching, AI-risk governance and cross-border crypto enforcement all moved faster than usual.
For DFIR teams, the operational burden is widening at both ends of the spectrum, from big-ticket zero-days and enterprise patch surges to smaller, highly localised campaigns that can stay hidden for years. At the same time, regulators are starting to treat AI-enabled vulnerability discovery as a present resilience issue rather than a distant policy question.
That combination makes evidence retention, rapid prioritisation and tighter coordination between security, legal and compliance functions more important than any single headline this week.
Reference Reading
- Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities
- Adobe Security Bulletin APSB26-44
- Justice Department Announces Compensation Process for OneCoin Fraud Victims
- NIST Releases Latest Draft of “Small Business Cybersecurity: Non-Employer Firms”
- 2026 European Cybersecurity Certification Conference
- Booking.com Says Hackers Accessed User Information
Tags
DFIR, Incident Response, Threat Intelligence, Data Breach, Cybercrime, Patch Tuesday, Ransomware, AI Security, Regulatory Risk, NIST, ENISA, Consumer Privacy