Friday, March 13 2026
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 13-09-2025 to 15-09-2025 (UTC)

Snapshot Summary

Sector / Section | Headline Highlights | Count
DFIR & Incident Response | Texas school district closes four days after ransomware | 1
Cyber Investigations | Karnataka tallies ₹861 cr cyber fraud; expands DFIR labs | 1
Major Cyber Incidents | Panama MEF breach claim; Texas disaster-relief exposure | 2
Exploits & Threat Intelligence | Samsung ships fix for in-the-wild Android zero-day | 1
Law Enforcement | AFP arrests in phishing case; SAPOL/AFP child-safety op | 2
Policy | NIST DevSecOps IPD comment window closes | 1
Standards & Compliance | Prep mappings to SP 1800-44A ahead of next draft | 1

Digital Forensics & Incident Response

Texas district closes four days after ransomware disrupts safety and operations systems — Uvalde CISD cancelled classes Monday–Thursday after phones, HVAC controls, security cameras and SIS access were hit; the FBI and incident responders are investigating (15-09-2025) [US]. The outage underscores the DFIR need to inventory and recover operational tech (HVAC/CCTV/telephony) alongside IT, with safety considerations gating any decision to reopen (Source: News 4 San Antonio, 14-09-2025).


Cyber Investigations

Karnataka reports ₹861 crore cyber fraud Jan–Jul; expands CID-led cyber labs and training — State figures detail rising losses and the rollout of 43 cybercrime stations plus mobile, network and malware analysis labs under the CID (14-09-2025) [IN]. The investment reflects a global shift toward faster device triage and scalable digital forensics capacity outside capital-city hubs (Source: Times of India, 14-09-2025).


Major Cyber Incidents

INC group claims 1.5 TB theft from Panama’s finance ministry; officials confirm intrusion — The ministry reported a workstation compromise and says core platforms remain operational while containment and assessment continue (15-09-2025) [PA]. If validated, email and financial document exposure raises third-party and procurement risk across government counterparties (Source: Newsroom Panama, 14-09-2025).

Texas General Land Office confirms exposure of 44,485 disaster-relief applicants — A grants-system issue allowed cross-user data viewing; agencies are notifying victims, rotating credentials and auditing access controls (11-09-2025) [US]. Public-sector grant portals should enforce strict tenant isolation and red-team for broken access control to protect sensitive relief data (Source: Cybersecurity Dive, 12-09-2025).


Exploits & Threat Intelligence

Samsung patches Android zero-day (CVE-2025-21043) exploited in the wild; update now — The flaw in libimagecodec.quram.so enables RCE via malicious images; reports link exploitation to spyware activity, with patches landing in the September update (15-09-2025) [Global]. DFIR should capture patched build IDs, suspicious image artefacts and any exploit chains seen on devices during handset triage (Source: The Hacker News, 13-09-2025).


Law Enforcement Updates

Australia: AFP charges NSW man over mobile-phishing campaign targeting telco customers — Devices, SIMs and cash were seized; the suspect faces court as digital forensics proceeds on phones and infrastructure (15-09-2025) [AU]. The case highlights persistent SMS lures and the evidential value of handset images, SIM activity and message templates (Source: AFP News Centre, 15-09-2025).

South Australia: joint AFP/SAPOL operation arrests six over online child-exploitation offences — Multiple warrants during National Child Protection Week led to arrests and device seizures; forensic exams are underway to identify further victims (14-09-2025) [AU]. Coordinated teams and rapid lab triage are central to protecting victims and securing admissible digital evidence (Source: South Australia Police, 14-09-2025).


Policy

NIST DevSecOps (SP 1800-44A IPD): public comment window closes — NIST NCCoE closed comments on 14-09-2025 and will iterate guidance for secure SDLC tooling and pipelines (14-09-2025) [US]. CISOs can pre-stage alignment by mapping current CI/CD controls and documenting gaps to accelerate adoption when the next draft lands (Source: NIST NCCoE PDF, 14-09-2025).


Standards & Compliance

DevSecOps readiness: map controls and evidence to SP 1800-44A draft now — With comments closed on 14-09-2025, compliance teams can create control mappings (build signing, SBOM, gate checks) and store audit artefacts against the IPD to reduce lift on the next revision (14-09-2025) [Global]. This proactive approach supports certification narratives and speeds risk acceptance decisions (Source: NIST CSRC News, 2025).


Editorial Perspective

The week’s pattern is clear: everyday services still hinge on OT/IT glue, and a single compromised endpoint can expose terabytes of sensitive data. Mobile zero-days keep handset forensics on the front line, demanding tighter patch SLAs and build provenance checks. Globally, police actions—from AFP’s phishing case to SAPOL joint ops—show the value of coordinated device triage. Use NIST’s DevSecOps work to turn policy into practical control changes before the next draft arrives.



Tags

DFIR, ransomware, mobile security, threat intelligence, public sector, law enforcement, DevSecOps, compliance

