Monday, June 15 2026
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 13-06-2026 00:00 to 15-06-2026 00:00 (UTC)

Snapshot Summary

Sector / Section | Headline Highlights | Count
Digital Investigations | Education breach evidence | 2
Cyber Investigations | Espionage and zero-days | 2
Major Cyber Incidents | Banking and university disruption | 2
Exploits & Threat Intelligence | Splunk and Ivanti exposure | 2
Law Enforcement | Phishing and school hacks | 2
Policy & Standards | AI deadlines and guidance | 2

Digital Investigations

[EMEA] The University of Nottingham breach reportedly exposed student and alumni records across UK and overseas campus-linked systems, with ShinyHunters claiming responsibility for the attack. Investigators will need to correlate Campus Solutions access records, affected data categories, notification timelines, Action Fraud reporting, ICO engagement and third-party claims about copied records before relying on actor statements (Source: ITPro, 13-06-2026).

[AMER] A former Iowa school district IT employee was sentenced after a prolonged attack disrupted classroom operations, deleted accounts and caused financial damage to his former employer. The case highlights the evidential value of administrator account logs, termination controls, privileged access records, deleted identity objects and internal helpdesk artefacts in insider-driven school network investigations (Source: BleepingComputer, 13-06-2026).

Cyber Investigations

[APAC] Researchers reported that Chinese hackers hijacked an organisation’s authentication flow and maintained visibility over administrative activity on an isolated network for around a decade. The investigation turns on identity-stack manipulation, persistence across externally limited environments, administrator workflow observation, credential trust relationships and long-term telemetry gaps that can obscure espionage activity (Source: BleepingComputer, 13-06-2026).

[AMER] Google confirmed that a PeopleSoft zero-day mitigated by Oracle had been exploited by ShinyHunters to steal data from affected organisations. Investigators should focus on unauthenticated access paths, PeopleTools version exposure, web application logs, exfiltration staging, actor infrastructure overlap and victim-notification evidence linking application exploitation to downstream data-theft claims (Source: SecurityWeek, 12-06-2026).

Major Cyber Incidents

[EMEA] Iran said a limited cyberattack disrupted services at four major banks after attackers targeted shared communications infrastructure used by the institutions. The investigation should preserve banking gateway logs, shared network dependency records, service-restoration timelines and official assertions that no customer data was deleted or compromised during mitigation activity (Source: Reuters, 14-06-2026).

[APAC] South Korea fined Coupang $409 million in the country’s largest data breach penalty following regulatory findings tied to customer information exposure. Investigators and compliance teams should examine data-access controls, breach notification records, platform identity logs, remedial evidence and regulator findings to understand how operational weaknesses translated into a major enforcement outcome (Source: Reuters, 11-06-2026).

Exploits & Threat Intelligence

[AMER] Splunk released fixes for CVE-2026-20253, a critical Enterprise flaw enabling unauthenticated file operations and possible remote code execution. The most useful investigative artefacts include exposed Splunk management interfaces, version inventory, suspicious file-write events, scripted input changes, authentication anomalies and SIEM self-monitoring logs showing whether attackers reached monitoring infrastructure (Source: The Hacker News, 13-06-2026).

[GLOBAL] SecurityWeek reported exploitation attempts against Ivanti Sentry honeypots after disclosure of a critical command-injection vulnerability affecting exposed appliance deployments. Investigators should retain appliance access logs, outbound callback evidence, root-level command traces, network scanning indicators and patch-state records because perimeter appliances can provide attackers with high-value pivot points into protected environments (Source: SecurityWeek, 12-06-2026).

Law Enforcement

[AMER] The FBI and DOJ disabled 13 websites allegedly backed by suspected Chinese agents seeking sensitive information from U.S. security-clearance holders. Investigators can use the disruption to map credential-harvesting infrastructure, domain registration evidence, targeting language, victim interaction records and foreign intelligence collection indicators connected to clearance-focused social engineering (Source: FBI, 11-06-2026).

[AMER] Reporting said the FBI disrupted a large AI-powered phishing service that used roughly one million URLs to support credential theft at scale. The investigation is likely to depend on seized domains, hosting records, payment trails, phishing-kit artefacts, victim telemetry and automated content-generation evidence showing how artificial intelligence increased campaign volume (Source: BleepingComputer, 15-06-2026).

Policy & Standards

[AMER] Reuters reported that U.S. federal agencies must now fix certain high-risk cyber flaws within three days as AI-enabled threats accelerate exploitation timelines. For investigators and governance teams, the policy compresses evidence-preservation windows, increasing the need to capture exposure records, remediation decisions and vulnerability-management audit trails before rapid patching changes system state (Source: Reuters, 10-06-2026).

[APAC] Australia’s ASD published updated June 2026 guidance for managing cyber security incidents across large organisations, infrastructure and government environments. The guidance reinforces preparation, reporting and evidence-aware handling, including incident classification, communication discipline, technical investigation support and the need to preserve information that may later support regulatory, operational or law-enforcement decisions (Source: ASD ACSC, 09-06-2026).

Editorial Perspective

This roundup underlines how digital investigations increasingly depend on evidence preserved across identity systems, cloud platforms, education records, financial infrastructure and perimeter appliances. Several stories show that technical facts can be obscured by delayed detection, rapid remediation, actor claims or fragmented ownership of the affected environment. Investigators need source-of-truth records that show access, data movement, administrative change and communications before those records are overwritten or normal operations resume.

The strongest operational theme is readiness for cross-platform correlation. Authentication manipulation, university record compromise, phishing infrastructure and vulnerability exploitation all require investigators to connect technical telemetry with policy decisions, user impact, regulator engagement and law-enforcement activity. Evidential integrity now depends as much on disciplined collection timing and ownership clarity as it does on the forensic quality of any individual log source.

Tags

Digital Investigations, ShinyHunters, PeopleSoft, Splunk, Ivanti Sentry, Phishing Infrastructure, Authentication Abuse, Higher Education Breach, Banking Cyberattack, Cyber Policy, Incident Management, Law Enforcement
