
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | Uvalde schools restore ops after week-long ransomware shutdown; NY Blood Center breach follow-up actions. | 2 |
| Cyber Investigations | NCA/DoJ cases detail Scattered Spider links to TfL attack; INTERPOL Asia summit targets cybercrime tactics. | 2 |
| Major Cyber Incidents | Uvalde CISD outage; Goshen Medical and NY Blood Center data exposures disclosed. | 3 |
| Exploits & Threat Intelligence | Chrome zero-day (V8) patched; Microsoft/Cloudflare disrupt phishing-as-a-service (M365 creds). | 2 |
| Law Enforcement | DoJ charges UK national over critical infra intrusions; two charged in TfL cyberattack. | 3 |
| Policy | UK government publishes Cyber Growth Action Plan final report. | 1 |
| Standards & Compliance | NIST publishes SP 800-227 (KEMs); releases SP 1800-37 on TLS 1.3 enterprise visibility. | 2 |
DFIR & Incident Response
Uvalde CISD to resume classes after ransomware forces week-long closure — District systems (phones, HVAC, CCTV, payroll) were disrupted; recovery staging and assurance checks push reopening to Monday (2025-09-18) [North America]. Takeaway for IR teams: prioritize OT/IoT dependencies and safety-critical services in playbooks; coordinate law enforcement and insurer response lines early (Source: San Antonio Express-News, 2025-09-18).
New York Blood Center discloses breach impacting ~194k individuals — Exposed data includes SSNs, IDs and medical information; notifications and identity protection are underway (2025-09-18) [North America]. DFIR lens: healthcare PHI/PII triage should pair data-minimization reviews with tailored victim contact plans when providers lack direct patient contact data (Source: Tom’s Guide, 2025-09-18).
Cyber Investigations
NCA charges two over TfL attack; Scattered Spider links examined — UK prosecutors detail charges of unauthorized access and of failing to disclose device passwords tied to the 2024 TfL intrusion (2025-09-18) [Europe]. Parallel U.S. filings expand the investigative picture across 120+ intrusions, enabling cross-border evidence development (Source: NCA, 2025-09-18).
INTERPOL’s Asia conference convenes on cybercrime trends and tactics — 165 participants from 49 countries meet in Singapore to coordinate on cybercrime, fraud and digital exploitation (2025-09-18) [Asia]. The forum supports deconfliction and intelligence sharing that often seeds later arrests and infrastructure takedowns (Source: INTERPOL, 2025-09-18).
Major Cyber Incidents
Ransomware shutters Uvalde schools for a week; safety systems affected — Critical systems (AC, security cameras, comms) were impacted; classes restart after staged recovery (2025-09-18) [North America]. Incident highlights OT adjacency risks in K-12 and the value of pre-approved “learning-loss” mitigation plans (Source: San Antonio Express-News, 2025-09-18).
Goshen Medical Center notifies 456k patients after July breach review — Confirmed exposure includes SSNs, driver's license (DL) numbers and MRNs; 24-month credit monitoring offered (2025-09-18) [North America]. The health sector continues to see large-scale disclosures months after containment, underscoring the backlog in forensic data review (Source: HIPAA Journal, 2025-09-18).
New York Blood Center breach exposes identities and medical data — Nearly 194k affected; the unauthorized access window ran January 20–26, 2025 (2025-09-18) [North America]. Post-incident, because the organization lacks direct contact data for some individuals, providers urge potentially affected patients to reach out themselves (Source: Tom’s Guide, 2025-09-18).
Exploits & Threat Intelligence
Google patches actively exploited Chrome zero-day (CVE-2025-10585) — Type confusion in V8 under active exploitation; admins should expedite Stable channel updates fleet-wide (2025-09-18) [Global]. Web-exposed endpoints and unmanaged browsers remain high-risk; tighten update SLAs and monitoring (Source: The Hacker News, 2025-09-18).
Microsoft & Cloudflare disrupt rapid-growth phishing-as-a-service — Action targeting “RaccoonO365” curbs M365 credential theft infrastructure; defenders should refresh domain and IP blocks (2025-09-18) [Global]. Expect quick operator reconstitution; use adaptive detections that go beyond static IOCs (Source: Malwarebytes Labs, 2025-09-18).
Law Enforcement
DoJ charges UK national over multiple cyberattacks incl. critical infrastructure — The unsealed complaint details conspiracies spanning 120+ intrusions and $100M+ in ransom-linked harms (2025-09-18) [North America/Europe]. Cross-designation cases underscore U.S.–UK coordination on transnational actors (Source: U.S. DoJ, 2025-09-18).
Two charged in the UK over multi-million-pound TfL cyberattack — Charges include conspiracy to commit unauthorized acts; case linked publicly to Scattered Spider tradecraft (2025-09-18) [Europe]. The charges follow joint work by NCA, City of London Police and FBI partners (Source: NCA, 2025-09-18).
INTERPOL convenes Asia security leaders on cyber and fraud networks — Two-day IGCI summit supports casework coordination and infrastructure takedown readiness (2025-09-18) [Asia]. Expect follow-on joint ops and increased information-sharing taskings (Source: INTERPOL, 2025-09-18).
Policy
UK publishes final Cyber Growth Action Plan — Policy paper to Parliament outlines measures to scale cyber skills, exports and R&D across the UK ecosystem (2025-09-19) [Europe]. CISOs should watch for funding calls and procurement levers shaping SME supply-chain assurance (Source: GOV.UK, 2025-09-19).
Standards & Compliance
NIST publishes SP 800-227 on Key Encapsulation Mechanisms (KEMs) — New guidance describes definitions and secure use of KEMs in modern cryptography (2025-09-18) [North America]. A cryptographic roadmap item for PQC migration and hybrid-scheme planning (Source: NIST CSRC, 2025-09-18).
NIST releases SP 1800-37 on enterprise visibility with TLS 1.3 — Final practice guide addresses monitoring blind spots introduced by modern cryptography (2025-09-17) [North America]. Compliance tie-ins for logging/monitoring controls and encrypted traffic analytics (Source: NIST CSRC, 2025-09-17).
Editorial Perspective
This 48-hour window shows how operational technology and public services remain soft targets: a school district’s AC, CCTV and comms outages carried real-world safety implications. Simultaneously, large healthcare disclosures continue to surface months after containment, reflecting forensic review backlogs.
On the adversary front, Chrome’s actively exploited zero-day underlines why browser patch SLAs need hours, not days. Law-enforcement momentum against Scattered Spider-linked activity suggests growing payoff from joint UK–US investigations and international deconfliction.
For leaders, policy and standards moved too: the UK’s growth plan signals investment levers, while NIST’s new cryptography and TLS 1.3 guidance sharpen compliance paths for PQC and encrypted visibility. Translate these signals into budgeted control uplift and supplier asks this quarter.
Tags
DFIR, Cybersecurity News, Threat Intelligence, Ransomware, Law Enforcement, Cyber Policy, Compliance, Education Sector, Healthcare Breach, Post-Quantum Cryptography
