Thursday, December 4 2025
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 29-11-2025 to 01-12-2025 (UTC)

Snapshot Summary

Sector / Section | Headline Highlights | Count
DFIR & Incident Response | Healthcare and local government disclosed fresh breaches, with London councils confirming copied resident data and US fulfilment firms analysing PHI exposure. | 2
Cyber Investigations | Authorities expanded probes into the Coupang mega-breach, the Oracle E-Business Suite campaign, and the London councils attack, tying incidents to sophisticated groups and possible insider abuse. | 3
Major Cyber Incidents | Large-scale attacks on Coupang, Georgia’s property recording systems, and Asahi highlighted how ransomware and data theft are disrupting consumer platforms and core economic infrastructure. | 3
Exploits & Threat Intelligence | New advisories flagged critical flaws in Apache bRPC, Devolutions Server, IBM products and industrial OpenPLC/ScadaBR stacks, underlining how quickly backend and OT systems move from disclosure to active targeting. | 4
Law Enforcement | Europol coordinated the takedown of the ‘Cryptomixer’ laundering service while Indian police arrested suspects in a high-value “digital arrest” scam, showing a renewed focus on following the money in cybercrime. | 2
Policy | The UK pushed ahead with its Cyber Security and Resilience Bill, lawmakers revisited mandatory ransomware reporting, and South Korea’s government faced pressure to tighten platform rules after the Coupang breach. | 3
Standards & Compliance | NIST’s CSF 2.0 quick-start guidance, PCI DSS v4.0.1 requirements and the NCSC’s 2025 review all nudged organisations toward more structured, auditable cyber risk and resilience programmes. | 3
Consumer App Data Leaks | New exposure of an Indian scrap marketplace’s user database highlighted how consumer-facing and B2B-style apps can leak credentials and profile data that attackers reuse across services. | 1

Digital Forensics & Incident Response

Royal Borough of Kensington and Chelsea Reveals Data Compromise After Cyber Attack — The Royal Borough of Kensington and Chelsea has confirmed that some resident data was copied in the suspected ransomware attack that hit three London councils, with forensic work still under way to scope the exposure (01-12-2025) [Europe-UK]. The case underscores how shared IT services can amplify impact and why DFIR teams need clear playbooks for tri-borough environments and long-tail data discovery. (Source: Infosecurity Magazine, 01-12-2025).

Fieldtex Products Cyberattack Exposes Health Plan Members’ PHI — Fieldtex Products disclosed that attackers accessed systems supporting over-the-counter healthcare fulfilment for health plans, prompting a third-party forensic investigation into what protected health information was accessed (01-12-2025) [North America-US]. The incident is another reminder that DFIR teams in healthcare must be ready to rapidly reconstruct access to mixed clinical/logistics environments to meet HIPAA breach-notification timelines and litigation risk. (Source: HIPAA Journal, 01-12-2025).

Cyber Investigations

South Korean Police Probe Massive Coupang Data Leak — South Korean police and regulators have opened a formal investigation into Coupang after the e-commerce giant admitted that personal data from approximately 33.7 million customer accounts was exposed in a recent breach tied to an ex-employee (01-12-2025) [APAC-South Korea]. Investigators are now looking at insider access controls, logging and data-loss monitoring at hyperscale platforms, a pattern that should prompt other digital marketplaces to review privilege and audit models before regulators arrive. (Source: Reuters, 01-12-2025).

Oracle E-Business Suite Campaign Tied to Dartmouth College Breach — Dartmouth College confirmed that an investigation into a summer intrusion found attackers using Oracle E-Business Suite vulnerabilities to steal files containing Social Security numbers and financial account data from tens of thousands of individuals (27-11-2025) [North America-US]. The case forms part of a wider campaign against Oracle EBS customers and shows investigators how a single ERP zero-day can generate multi-sector breach work across education, media, aviation and more. (Source: Recorded Future News / The Record, 27-11-2025).

London Councils Launch Joint Probe After Cyber Attack — Following a disruptive cyber attack on a shared IT environment, London councils including Kensington and Chelsea have warned residents to be vigilant against suspicious messages while national agencies support the ongoing investigation (28-11-2025) [Europe-UK]. The multi-agency response illustrates how local-government incidents quickly escalate into complex digital investigations spanning central government, law enforcement and contracted forensic teams. (Source: The Guardian, 28-11-2025).

Major Cyber Incidents

Coupang Breach Hits 33.7 Million Customer Accounts — Coupang apologised after revealing that attackers accessed data from 33.7 million customer accounts, one of South Korea’s largest known privacy incidents, with information reportedly exposed via a compromised employee account (30-11-2025) [APAC-South Korea]. The scale of the breach, combined with its insider dimension, makes it a defining test of how regulators and boards will treat access governance at platform companies that are effectively critical retail infrastructure. (Source: Reuters, 30-11-2025).

Ransomware on Georgia Court Authority Cripples Real Estate Transactions — A major cyberattack against the Georgia Superior Court Clerks’ Cooperative Authority has severely disrupted e-filing and property record systems, delaying real-estate closings and title searches across the state (30-11-2025) [North America-US]. The incident is a stark example of how attacks on judicial and land-registry systems can become de facto national-level events by freezing economic activity, forcing incident responders to prioritise service restoration alongside data recovery. (Source: Breached.Company, 30-11-2025).

Asahi Cyberattack Leaks Data and Disrupts Logistics — Japanese beverage group Asahi confirmed that a September ransomware attack may have exposed personal data of around 1.5–2 million customers, employees and contacts, while also disrupting order processing and causing product shortages (27-11-2025) [APAC-Japan]. The company expects to restore normal logistics only by February 2026, highlighting how large-scale OT/IT disruptions can drag on for months and significantly impact financial reporting and supply chains. (Source: Reuters / Asahi Group Holdings, 27-11-2025).

Exploits & Threat Intelligence

Critical Apache bRPC Flaw (CVE-2025-59789) Exposes High-Performance Systems — Researchers disclosed a critical vulnerability in Apache bRPC that allows remote unauthenticated attackers to send crafted requests and crash or destabilise high-performance microservice environments using the framework (01-12-2025) [Global]. Organisations using bRPC in latency-sensitive services should assume weaponisation is imminent, tighten exposure of management endpoints and prioritise patching before denial-of-service or compromise cascades across distributed workloads. (Source: SecurityOnline, 01-12-2025).

Devolutions Server SQL Injection Bug (CVE-2025-13757) Threatens Privileged Access Stores — A new advisory details a critical SQL injection flaw in Devolutions Server that allows authenticated users to exfiltrate or modify sensitive data, alongside related issues exposing passwords and email service credentials (01-12-2025) [Global]. Because the platform centrally stores privileged accounts and access keys, threat actors who exploit these bugs could pivot quickly into domain controllers and cloud consoles, making immediate upgrades essential for PAM-dependent environments. (Source: GBHackers on Security, 01-12-2025).

CISA Flags OpenPLC and ScadaBR XSS Bug in KEV Catalog — CISA added an OpenPLC Webserver and ScadaBR cross-site scripting flaw (CVE-2021-26829) to its Known Exploited Vulnerabilities catalog after evidence that attackers are abusing the bug in the wild against industrial and lab environments (30-11-2025) [Global]. Asset owners running these OT-adjacent stacks now face short deadlines to patch or mitigate under federal directives, and DFIR teams should watch for abnormal engineering-station activity and unexpected script execution in HMI consoles. (Source: CyberSecurityNews / CISA, 30-11-2025).

IBM Rolls Up Multiple Product Fixes in AV25-790 Advisory — Canada’s Cyber Centre highlighted that IBM has issued a series of advisories between 24 and 30 November 2025 for multiple products, some addressing critical-severity flaws now captured under umbrella advisory AV25-790 (01-12-2025) [Global]. Security teams relying on IBM middleware and enterprise tooling should treat this as a coordinated patch event, aligning change windows and vulnerability scans to ensure older, unmaintained instances aren’t left as soft targets. (Source: Canadian Centre for Cyber Security, 01-12-2025).

Law Enforcement

Authorities Dismantle ‘Cryptomixer’ Laundering Platform — Law enforcement agencies in Switzerland and Germany, supported by Europol’s Joint Cybercrime Action Taskforce, have seized servers, the cryptomixer.io domain and more than €25 million in Bitcoin from the ‘Cryptomixer’ cryptocurrency mixing service used heavily by cybercriminals (01-12-2025) [Europe]. The takedown removes a laundering hub that processed over €1.3 billion in Bitcoin since 2016 and signals that mixers facilitating ransomware and darknet markets will face sustained infrastructure-level disruption. (Source: GBHackers on Security / Europol, 01-12-2025).

Hyderabad Police Arrest Suspects in ‘Digital Arrest’ Scam — Hyderabad’s Cyber Crime police arrested three people accused of posing as officials to coerce a 71-year-old victim into transferring ₹1.92 crore during a so-called “digital arrest,” part of a wider pattern of tech-enabled extortion calls (30-11-2025) [APAC-India]. The case illustrates how social-engineering-heavy frauds are blending video calls, spoofed identities and payment apps, and why cyber units must pair digital forensic work with financial-crime investigations to follow the money trail quickly. (Source: NDTV / Hyderabad Police, 30-11-2025).

Policy

UK Cyber Security and Resilience Bill Moves Forward — The UK government continued to advance its Cyber Security and Resilience Bill, which will introduce tougher resilience and reporting duties for operators of essential services and critical digital infrastructure (12-11-2025) [Europe-UK]. CISOs in scope should prepare for mandatory board-level accountability, enhanced incident reporting and alignment with NCSC guidance, treating the bill as a catalyst to formalise risk management beyond voluntary frameworks. (Source: UK Government / CSRB collection, 12-11-2025).

Cyber Extortion and Ransomware Reporting Bill Signals Mandatory Disclosure Trend — Legal briefings this month highlighted a proposed UK Cyber Extortion and Ransomware (Reporting) Bill that would require organisations to report ransom payments and extortion incidents to authorities (11-2025) [Europe-UK]. If progressed, this would shift ransomware from a purely operational problem into a regulated reporting obligation, influencing how incident commanders handle negotiations, cryptocurrency payments and board decisions under time pressure. (Source: Osborne Clarke Regulatory Outlook, 11-2025).

Coupang Breach Triggers Policy Scrutiny in South Korea — Following Coupang’s disclosure that tens of millions of customer records were compromised, South Korean lawmakers and regulators have demanded explanations and are weighing stronger oversight of large online platforms (30-11-2025) [APAC-South Korea]. The political backlash underlines that mega-breaches at “essential” digital services can rapidly become national-level policy debates, raising the bar for board engagement and regulatory compliance across the wider e-commerce sector. (Source: The Chosun Ilbo / Korean media, 30-11-2025).

Standards & Compliance

NIST Updates CSF 2.0 Quick-Start Guide — NIST released an updated CSF 2.0 Quick-Start Guide aimed at helping organisations integrate the framework with enterprise risk management and workforce programmes, including new guidance around the ‘Govern’ function (26-11-2025) [Global]. For security leaders, the refresh is an opportunity to tie incident-response, asset management and supply-chain controls directly into ERM dashboards, making CSF-aligned evidence easier to present to regulators and auditors. (Source: IndustrialCyber / NIST, 26-11-2025).

PCI DSS v4.0.1 Becomes the Baseline for Cardholder Data Security — Commentators reiterated that PCI DSS v4.0.1 is now the effective standard for payment card data, with older versions retired at the end of 2024 and all 2025 assessments required to use the new requirements (12-11-2025) [Global]. Merchants and service providers processing card data need to ensure logging, segmentation and strong authentication controls meet v4.0.1 expectations, or face increased non-compliance exposure during both breaches and routine audits. (Source: Silver Lining / PCI SSC, 12-11-2025).

NCSC Annual Review 2025 Calls for Realistic Resilience Planning — The UK NCSC’s 2025 Annual Review warns that organisations should plan for scenarios where “screens go dark,” highlighting AI-enhanced ransomware and shrinking patch windows as key systemic risks (14-10-2025) [Europe-UK]. Combined with professional body commentary, the review pushes boards to treat resilience testing, backup design and incident-response rehearsals as core compliance evidence rather than optional good practice. (Source: NCSC / ICAEW, 14-10-2025).

Consumer App Data Leaks

ScrapMarket.in Data Breach Exposes 129k Customer Records — Researchers reported an underground listing for a ScrapMarket.in database allegedly compromised on 30 November 2025, including account credentials, business profile data and device identifiers for roughly 129,000 users (01-12-2025) [APAC-India]. For DFIR professionals this highlights the importance of validating leaked SQL samples, assessing whether production databases were directly exfiltrated, and hunting for reused credentials in downstream B2B and consumer-facing supply chains. (Source: Botcrawl, 01-12-2025).

Editorial Perspective

The last 48 hours reinforced how “routine” breaches are anything but: a single insider-enabled compromise at Coupang, cascading outages in Georgia’s real-estate systems, and fresh disclosures from healthcare and B2B platforms all have very real consequences for citizens and core economic activity. For DFIR teams, the message is clear—investigate beyond the initial intrusion to map every dependent system, third-party integration and data store that turns a contained event into a systemic one.

On the threat side, the mix of Apache bRPC, Devolutions Server and OpenPLC/ScadaBR advisories shows how quickly critical-path platforms move from obscure CVEs to high-value targets. Security leaders who still treat vulnerability management as a quarterly exercise rather than a living, risk-driven process will struggle to keep pace as OT, ERP and privileged-access tooling all become common entry points in multi-victim campaigns.

Meanwhile, Europol’s Cryptomixer takedown and the growing push for mandatory ransomware reporting mark a subtle but important shift: the ecosystem is starting to attack not just the malware but the business model that sustains it. As policy frameworks like the UK Cyber Security and Resilience Bill and NIST CSF 2.0 harden expectations, organisations that align technical controls, legal obligations and executive decision-making now will be better placed when the next “category-three” event lands on their doorstep.

Tags

DFIR, Cybersecurity News, Threat Intelligence, Ransomware, Law Enforcement, Cyber Policy, Compliance, Data Breaches, Critical Infrastructure, OT Security, AI Security, EU CRA, Mobile App Security, Data Privacy
