Healthcare Interactive discloses breach affecting medical benefits data — The firm said it notified regulators after detecting an intrusion between 08-07-2025 and 12-07-2025, with investigation launched around 22-07-2025; notification letters began this week (01-10-2025) [US]. Forensic work will focus on scope and data types exposed, with healthcare fraud and follow-on phishing risks a key concern for affected members. (Source: DataBreaches.net, 01-10-2025).

Google adds AI ransomware detection to Drive for desktop — Google launched an open beta (30-09-2025) of an AI model trained on ransomware patterns that pauses syncing on suspicious mass encryption and offers version restore [Global]. IR teams should note endpoint coverage limits and ensure backups plus EDR are in place; the feature could reduce blast radius in cloud-sync scenarios. (Source: The Verge, 01-10-2025).

Akira ransomware probing MFA-protected SonicWall VPNs — Researchers report successful authentications despite OTP-MFA, with investigations into possible theft of seed data and suspected device-side weaknesses (28-09-2025) [Global]. SOCs should review VPN exposure, rotate seeds/keys, and monitor anomalous logins while vendors and CERTs continue coordinated analysis. (Source: BleepingComputer, 28-09-2025).

FEMA and CBP staff data stolen in government breach — Reported 01-10-2025, a hacker accessed data related to staff at FEMA and U.S. Customs and Border Protection; agencies are assessing scope and notifying impacted personnel [US]. Risks include targeted phishing and identity fraud against public sector workers; indicators and mitigations are expected as triage proceeds. (Source: Insurance Journal, 01-10-2025).

UK backs Jaguar Land Rover after disruptive cyberattack — The government issued a £1.5bn loan guarantee via UK Export Finance following an attack that hit operations and supply chains (30-09-2025) [UK/EU]. The intervention highlights systemic risk in manufacturing and the potential policy precedent for cyber incident backstops. (Source: Reuters, 01-10-2025).

CISA orders urgent action on Cisco ASA/FTD compromise — Emergency Directive 25-03 compels U.S. agencies to identify and mitigate potential compromises and disconnect unsupported ASA models by 30-09-2025; active exploitation noted (25-09-2025, updated within window) [US]. Enterprises should mirror the guidance: patching, hunting for IOC patterns, and removing end-of-support gear. (Source: CISA, 25-09-2025).

FreeIPA critical flaw (CVE-2025-7493) enables domain admin escalation — A Kerberos alias check weakness allows authenticated host users to escalate privileges to domain administrator; fixes are rolling out and exploitation risk is high in mixed Linux estates (01-10-2025) [Global]. Prioritise patching and audit service principals/aliases across identity infrastructure. (Source: SecurityOnline.info, 01-10-2025).

CISA issues fresh ICS advisories across multiple vendors — CISA released a batch of ICS alerts (30-09-2025) covering camera and industrial controller flaws with potential remote exploitation vectors [US/Global]. Operators should review vendor advisories, apply mitigations, and validate network segmentation around OT assets. (Source: CISA, 30-09-2025).

Singapore to charge 15 over scam-linked mule activities — Police announced charges from 01-10-2025 to 03-10-2025 including abetting unauthorised access to computer material and unlawful disclosure of national digital identity credentials (30-09-2025) [APAC]. The action underscores regional focus on mule networks that enable cyber-enabled fraud at scale. (Source: Singapore Police Force, 30-09-2025).

Cybersecurity Awareness Month 2025 launches with updated toolkits — CISA kicked off October’s campaign with resources and messaging for public/private sectors to boost basic controls and resilience (01-10-2025) [US]. Organisations can leverage the toolkit to amplify staff training and align with awareness KPIs during Q4. (Source: CISA, 01-10-2025).

AT&T breach settlement claims: consumer deadline reminder — Following two 2024 breaches, a proposed $177m settlement allows affected customers to submit claims of up to $7,500, with a deadline of 18-11-2025 (article updated 01-10-2025) [US]. Enterprises should anticipate employee queries and prepare internal guidance on documentation and identity protection. (Source: Investopedia, 01-10-2025).

Switzerland’s 24-hour cyber incident reporting rule takes effect — Critical sectors must report incidents within 24 hours starting 01-10-2025, with fines up to CHF 100,000 for non-compliance after the grace period [EU]. This accelerates timelines for internal detection, legal, and comms workflows across Swiss operations and suppliers. (Source: BleepingComputer, 2025 coverage; rule effective 01-10-2025).