Friday, June 19 2026
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 17-06-2026 00:00 to 19-06-2026 00:00 (UTC)

Snapshot Summary

| Sector / Section | Headline Highlights | Count |
|---|---|---|
| Digital Investigations | Third-party and actor claims | 2 |
| Cyber Investigations | Fortinet and ransomware tooling | 2 |
| Major Cyber Incidents | Pharma and sugar disruption | 2 |
| Exploits & Threat Intelligence | NGINX and KEV exposure | 2 |
| Law Enforcement | Fraud and cyber enforcement | 2 |
| Policy & Standards | AI access and Fortinet advice | 2 |

Digital Investigations

[AMER] Nintendo of America confirmed that employee survey data was stolen through TinyPulse, a third-party WebMD subsidiary service, while stating its own systems were not compromised. Investigators should separate supplier evidence from Nintendo infrastructure, preserving service-provider logs, survey datasets, extortion posts, employee identifiers, contractual records and notification decisions before attributing exposure or excluding internal compromise (Source: BleepingComputer, 18-06-2026).

[AMER] Kodak confirmed a data breach after ShinyHunters claimed it had stolen more than two million records and threatened publication unless a ransom was paid. The investigative challenge is to correlate actor claims with exposed data samples, corporate access logs, affected customer records, extortion timelines, internal system evidence and any third-party hosting or transfer artefacts (Source: SecurityWeek, 18-06-2026).

Cyber Investigations

[GLOBAL] CISA warned organisations to harden internet-accessible Fortinet devices after reports that malicious actors targeted FortiGate and VPN portals and exposed credentials from earlier brute-force and credential-stuffing activity. Investigators should preserve VPN logs, authentication failures, password-reset timelines, affected credential lists, administrator access records and evidence of any post-credential intrusion activity (Source: CISA, 18-06-2026).

[EMEA] Research on Gentlemen ransomware showed the group maintaining multiple endpoint detection and response killers, including GentleKiller variants that use vulnerable drivers and impersonate legitimate products. Investigators should focus on driver-loading evidence, kernel-level privilege escalation, process-kill telemetry, invalid digital signatures, packed binaries and links between defensive-tool suppression and later encryption or data-theft phases (Source: BleepingComputer, 18-06-2026).

Major Cyber Incidents

[EMEA] FulcrumSec claimed a major hack of Novo Nordisk and an attempted $25 million extortion after alleging theft of source code, drug data, clinical trial material and personal information. The investigation should test the actor’s claims against Novo Nordisk’s incident statements, authority cooperation, network access evidence, claimed contact timeline, data-sample provenance and any unauthorised movement from internal systems (Source: Reuters, 16-06-2026).

[APAC] Mackay Sugar continued restoring systems after a cyberattack disrupted operations at major Queensland sugar mills and the Gentlemen ransomware group claimed responsibility. Investigators should preserve mill-control recovery timelines, IT-environment access evidence, dark-web claim material, harvesting disruption records, supplier communications and evidence supporting the company’s efforts to verify whether information was accessed (Source: The Record, 18-06-2026).

Exploits & Threat Intelligence

[GLOBAL] F5 issued out-of-band patches for critical NGINX vulnerabilities that could allow denial-of-service or code execution in certain vulnerable configurations. Investigators and defenders should capture NGINX version inventories, HTTP/3 exposure, proxy and gRPC module settings, worker-process crashes, unusual request patterns, mitigation decisions and patch evidence before configuration changes remove useful artefacts (Source: BleepingComputer, 18-06-2026).

[AMER] CISA added a newly exploited vulnerability to its Known Exploited Vulnerabilities catalogue, requiring federal agencies and exposed organisations to prioritise remediation based on evidence of active exploitation. Investigation teams should retain vulnerability-management records, exposed asset inventories, exploitation indicators, patch approval decisions and post-remediation validation evidence so later reviews can determine whether compromise preceded mitigation (Source: CISA, 18-06-2026).

Law Enforcement

[AMER] The FBI, Google and Lumen dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation linked to mass phishing URLs, stolen payment-card data and large financial losses. Investigators should examine seized servers, Telegram bot data, domain redirections, Shopify storefront records, cryptocurrency traces, phishing-template libraries and AI-assisted site-generation evidence connected to victim targeting (Source: Tom's Hardware, 16-06-2026).

[AMER] The U.S. Department of Justice announced a False Claims Act settlement with Alabama defence contractor LOGZONE over alleged failure to comply with cybersecurity requirements in Navy contracts. The case shows how enforcement evidence can extend beyond breach artefacts into contract representations, control attestations, compliance records, audit trails and procurement documentation proving whether cyber obligations were met (Source: U.S. Department of Justice, 18-06-2026).

Policy & Standards

[EMEA] The EU cybersecurity agency ENISA was due to meet Anthropic after U.S. restrictions affected foreign access to advanced cybersecurity-focused AI models. The policy significance lies in cross-border access controls, dual-use model governance, regulatory oversight, evidence of authorised users and the need to document how AI-enabled vulnerability discovery is controlled across jurisdictions (Source: Reuters, 17-06-2026).

[EMEA] The UK NCSC issued advice following global targeting of Fortinet firewalls and VPN gateways after a credential database was leaked by a threat actor. The guidance supports governance teams by linking credential-stuffing exposure, perimeter-device hardening, reset activity, monitoring expectations and UK-specific impact assessment into a defensible evidence trail for assurance and incident review (Source: NCSC, 18-06-2026).

Editorial Perspective

This cycle shows how often digital investigations now begin outside the organisation that first appears in the headline. Supplier platforms, perimeter devices, ransomware tooling, leaked credentials and AI-enabled phishing infrastructure all create evidence that sits across separate owners, jurisdictions and operational teams. The practical challenge is preserving enough source-of-truth material to prove what was accessed, which credentials were exposed, when data moved and whether actor claims match defensible technical records.

The strongest investigative theme is the need to connect technical telemetry with contractual, regulatory and governance evidence. Breach confirmation, vulnerability remediation, enforcement settlements and AI access decisions all require investigators to correlate logs with policy decisions, supplier records and documented control ownership. Evidential integrity depends on collecting those artefacts early, before remediation, legal negotiation or public communications narrow the available record.

Tags

Digital Investigations, ShinyHunters, Fortinet, Gentlemen Ransomware, NGINX, CISA KEV, Phishing-as-a-Service, AI Security, Credential Exposure, Supplier Risk, Cyber Enforcement, Evidence Preservation
