
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | Microsoft disrupts Rhysida; CERT-NZ flags F5/BIG-IP incident | 2 |
| Cyber Investigations | F5 breach tied to China; billing platform data exposure probed | 2 |
| Major Cyber Incidents | Sotheby’s breach; APAC hospital claimed by NOVA; US healthcare notices | 3 |
| Exploits & Threat Intelligence | CISA posts 13 ICS advisories; Windows 11 localhost breakage | 3 |
| Law Enforcement | INTERPOL border sweep; UK ICO fines Capita | 2 |
| Policy | California sets 30-day breach notices; UK NCSC review signals priorities | 2 |
| Standards & Compliance | ISO updates privacy standards (27701/27706) | 2 |
Digital Forensics & Incident Response
Microsoft revokes 200+ code-signing certs used in Rhysida installers — Microsoft disrupted a wave of Rhysida ransomware attacks by invalidating certificates used to sign malicious Microsoft Teams installers (16-10-2025) [AMER]. IR teams should remove the revoked certificates from trust stores, re-baseline application allowlists, and hunt for fake Teams MSI artifacts to prevent lateral movement and secondary payloads (Source: BleepingComputer, 16-10-2025).
CERT-NZ issues alert: security incident affecting F5/BIG-IP — New Zealand’s CERT published an alert on an active security incident impacting F5 and BIG-IP, guiding organisations to vendor updates and mitigations (16-10-2025) [APAC]. DFIR teams with exposed BIG-IP should review access logs for anomalous management-plane activity, rotate credentials, and apply vendor guidance immediately (Source: CERT-NZ, 16-10-2025).
Cyber Investigations
Investigation ties F5 breach to China-backed operators — Sources told Reuters that US cybersecurity firm F5’s breach is attributed to state-linked Chinese hackers as forensics proceed (16-10-2025) [AMER]. If confirmed, defenders should expect follow-on exploitation of network gear customers and tighten supplier monitoring and credentials used with vendor portals (Source: Reuters, 16-10-2025).
Researcher uncovers ~178k exposed billing records — An open database believed to be linked to a billing platform left 178,519 files with PII and tax IDs accessible without authentication (15-10-2025) [Global]. Incident responders should anticipate identity-theft and invoice-fraud campaigns leveraging leaked data and advise clients to implement encryption-at-rest and access controls (Source: TechRadar Pro, 15-10-2025).
Major Cyber Incidents
Sotheby’s notifies customers after data breach exposes financial information — The global auction house disclosed that attackers accessed sensitive customer data and began notifications following containment (16-10-2025) [EMEA]. High-net-worth targeting and art-market KYC files raise fraud risks; blue-chip firms should tighten third-party access and payment verification (Source: BleepingComputer, 16-10-2025).
NOVA claims attack on Malaysia’s Regency Specialist Hospital — Leak-site monitoring flagged a claim against a Malaysian healthcare provider on 16 October with alleged data exposure (16-10-2025) [APAC]. Healthcare targets face operational disruption and sensitive PHI leakage, requiring contingency plans and regulatory notification workflows (Source: ransomware.live, 16-10-2025).
Five US healthcare providers warn patients of cyberattacks and data breaches — Providers in AL, CT, IL, CA and FL reported incidents affecting clinical and administrative systems with ongoing notifications (16-10-2025) [AMER]. Sector-wide targeting underscores vendor risk and the need for segmented networks, immutable backups, and tested downtime procedures (Source: HIPAA Journal, 16-10-2025).
Exploits & Threat Intelligence
CISA publishes thirteen ICS advisories covering Siemens, Rockwell & others — The US agency released a batch of ICS vulnerability advisories on 16 October spanning multiple vendors and product lines (16-10-2025) [AMER]. OT defenders should map affected assets, assess exploitability, and plan maintenance windows to apply mitigations from specific ICSA notices (Source: CISA, 16-10-2025).
Rockwell FactoryTalk advisories republished with security updates — New and republished advisories address issues in FactoryTalk View ME/PanelView Plus and Linx components following vendor notices (16-10-2025) [AMER]. Environments running HMI/SCADA stacks should evaluate patch readiness and bolster network segmentation to limit potential impact (Source: CISA ICSA-25-289-01 / -02, 16-10-2025).
Windows 11 October updates break localhost HTTP/2 connections — Microsoft’s latest updates disrupted 127.0.0.1 HTTP/2 connectivity for some apps, impacting local tooling and test environments (16-10-2025) [Global]. SOC and IR tooling relying on local services may fail silently; teams should monitor agent health and apply vendor hotfixes/workarounds (Source: BleepingComputer, 16-10-2025).
Law Enforcement
INTERPOL border operation records arrests and intel gains — A 16 October update details a Mediterranean border-security sweep yielding arrests and intelligence on illicit travel networks (16-10-2025) [EMEA]. Cross-border cooperation and data-sharing models highlighted here mirror best practices needed for cyber-enabled crime and digital forensics exchanges (Source: INTERPOL, 16-10-2025).
UK ICO fines Capita £14m over 2023 cyber breach — The data-protection regulator penalised Capita after probes found security failings tied to a major 2023 incident (15-10-2025) [EMEA]. The case signals tougher post-incident enforcement and reinforces the need for privilege controls, monitoring and timely alert response (Source: Reuters, 15-10-2025).
Policy
California enacts 30-day breach notification deadline — New state legislation will require notifying affected residents within 30 calendar days of discovering a data breach (16-10-2025) [AMER]. Shorter statutory windows demand faster forensics, counsel coordination, and pre-approved comms templates to avoid penalties (Source: Consumer Finance & FinTech Law Blog (Troutman Pepper), 16-10-2025).
UK NCSC Annual Review 2025 outlines national cyber priorities — The review highlights rising ransomware, AI-enabled threats and a roadmap for resilience across critical sectors (14-10-2025) [EMEA]. Boards should align risk appetite and investment with the review’s guidance on incident preparedness and quantum-resistant planning (Source: NCSC Annual Review 2025 (PDF), 14-10-2025).
Standards & Compliance
ISO/IEC 27701:2025 refreshes Privacy Information Management System guidance — ISO’s page notes the current edition of the PIMS standard supporting controllers and processors managing PII (14-10-2025) [Global]. Organisations aligning ISO/IEC 27001 with privacy controls should map updates to data-mapping, DPIA workflows and vendor oversight (Source: ISO, 14-10-2025).
ISO/IEC 27706:2025 strengthens accreditation for PIMS certification — The companion standard focuses on confidence and consistency in bodies certifying privacy systems (14-10-2025) [Global]. Stronger accreditation criteria should improve audit quality and cross-jurisdictional trust for compliance programmes (Source: ISO, 14-10-2025).
Editorial Perspective
This 48-hour window shows attackers targeting both the “pipes” (F5/BIG-IP, ICS stacks) and high-value data brokers (Sotheby’s, healthcare). Microsoft’s certificate revocations are a reminder that identity and trust stores are now front-line IR assets, not background plumbing.
Operationally, Windows 11 localhost issues illustrate how routine patching can disrupt SOC and DFIR tooling, demanding test rings and rollback playbooks. Law-enforcement momentum—from INTERPOL’s border sweep to UK regulatory action—signals rising consequences post-incident.
Finally, policy and standards are tightening in parallel: California’s 30-day clocks compress response timelines while ISO privacy updates push audit discipline. Prepare by rehearsing notifications, validating backups/EDR in lab mirrors, and mapping vendor exposure in depth.
Tags
DFIR, ransomware, Rhysida, F5 BIG-IP, ICS security, data breach, healthcare, ISO 27701, incident response, law enforcement
