Friday, January 16 2026
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 2025-09-15 12:00 to 2025-09-17 12:00 (UTC)

Snapshot Summary

| Sector / Section | Headline Highlights | Count |
| --- | --- | --- |
| DFIR & Incident Response | CISA issues 8 new ICS advisories | 1 |
| Cyber Investigations | Vietnam central bank probes CIC breach; Jaipur police nab ₹5.6 crore scam suspect | 2 |
| Major Cyber Incidents | JLR extends shutdown; Kering customer data theft; Vietnam’s credit data mega-breach | 3 |
| Exploits & Threat Intelligence | Apple patches ImageIO zero-day; fresh update cadence guidance | 2 |
| Law Enforcement | Singapore Police arrest trio in SAF impersonation scam; Mumbai call centre raided | 2 |
| Policy | ENISA eHealth good-practice guide; UK Hansard notes NCSC joint advisory | 2 |
| Standards & Compliance | OFSI frozen assets reporting notice (deadline guidance) | 1 |

DFIR & Incident Response

CISA releases eight ICS advisories — Fresh advisories for Schneider Electric, Siemens and others outline remotely exploitable flaws and mitigation steps across OT environments (2025-09-16) [Global]. Utility and manufacturing IR teams should map affected assets and schedule patches/compensating controls to reduce lateral-movement exposure (Source: CISA, 2025-09-16).

Cyber Investigations

Vietnam central bank probes credit bureau breach — The State Bank of Vietnam confirmed an investigation into a hack of its National Credit Information Center (CIC), with ShinyHunters claiming the incident (2025-09-15) [Vietnam]. Investigators are assessing scope and data provenance to support downstream notification and fraud-monitoring actions (Source: BankInfoSecurity, 2025-09-15).

Police arrest suspect in ₹5.6 crore multi-state cyber-fraud — Jaipur police detained a 54-year-old tied to 33 cases spanning several Indian states, alleging use of mule accounts for high-value scams (2025-09-17) [India]. Casework underscores money-flow tracing and account-freezing as key investigative levers (Source: Times of India, 2025-09-17).

Major Cyber Incidents

JLR extends production shutdown after cyber-attack — Jaguar Land Rover pushed its controlled restart to at least 24 Sept while restoring systems following a disruptive attack (2025-09-16) [UK/Global]. Prolonged outages illustrate OT/IT dependencies and supplier knock-ons for automotive manufacturing resilience (Source: The Guardian, 2025-09-16).

Kering confirms customer data theft across luxury brands — Personal details for customers of Gucci, Balenciaga and Alexander McQueen were exposed in a June breach disclosed this week (2025-09-15) [France/Global]. Luxury retail exposure highlights long-tail risks to VIP privacy and fraud from historical purchase records (Source: Reuters, 2025-09-15).

Report: Vietnam credit database breach impacts up to 160M records — Local reporting details a massive compromise of state-run CIC datasets with significant identity-theft ramifications (2025-09-17) [Vietnam]. Organizations with Vietnam exposure should heighten fraud detection and credential-reuse monitoring (Source: Asia Times, 2025-09-17).

Exploits & Threat Intelligence

Apple patches ImageIO zero-day (CVE-2025-43300) — Emergency updates fix an out-of-bounds write exploited in targeted attacks; Apple advises immediate installation on impacted iOS/iPadOS devices (2025-09-17) [Global]. Prioritize out-of-band updates and review threat-intel for targeting of high-risk users (Source: CSO Online, 2025-09-17).

Round-up: Apple addresses dozens of vulnerabilities — Coverage summarizes the latest fixes and notes multiple Apple CVEs appearing in CISA’s KEV list this year (2025-09-17) [Global]. Enterprises should align mobile fleet updates with high-risk user protection programs (Source: CyberScoop, 2025-09-17).

Law Enforcement

Singapore Police arrest three over fake bulk-order scams — Two men and a woman were detained over scams impersonating Singapore Armed Forces personnel, with losses of at least S$32,000 (2025-09-16) [Singapore]. The case reflects cross-channel social engineering and logistics fraud tactics (Source: Singapore Police Force, 2025-09-16).

Mumbai crime branch busts call centre targeting U.S. victims — Police raided an unauthorized operation alleged to impersonate antivirus providers and funnel gift-card proceeds into crypto (2025-09-16) [India]. Seizures included laptops, phones and infrastructure used in tech-support scams (Source: Times of India, 2025-09-16).

Policy

ENISA issues eHealth good-practice guide for NIS2 implementation — Practical security measures and workforce guidance released alongside the eHealth Security conference (2025-09-16) [EU]. Health entities should map recommendations to NIS2 obligations and incident-response readiness (Source: ENISA, 2025-09-16).

UK Hansard notes joint cyber advisory activity — Commons record references the NCSC’s role in a US-led technical advisory addressing state-sponsored threats (2025-09-15) [UK]. Signals continued emphasis on partner-led warnings and coordinated guidance (Source: UK Parliament Hansard, 2025-09-15).

Standards & Compliance

OFSI Frozen Assets Reporting notice (2025) — UK firms must report funds/economic resources of designated persons as of 30 Sept, with submissions due by 30 Nov (2025-09-11) [UK]. Sanctions compliance teams should coordinate data pulls, valuations and single-point submission ownership (Source: HM Treasury/OFSI, 2025-09-11).

Editorial Perspective

OT advisories, Apple’s zero-day, and luxury/automotive disruptions show how quickly targeted exploits escalate into business-wide issues. Treat the next 72 hours as a patch-and-prepare sprint: update Apple fleets, evaluate ICS exposure, and tighten scam-playbook defenses where social engineering fuels fraud at scale.

Tags

DFIR, Global Cybersecurity, Threat Intelligence, Law Enforcement, Sanctions, NIS2, ICS Security
