Monday, November 10 2025
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 18-10-2025 to 20-10-2025 (UTC)

Snapshot Summary

Sector / Section               | Headline Highlights                                   | Count
-------------------------------|-------------------------------------------------------|------
DFIR & Incident Response       | Envoy Air hack probed; Prosper breach scale           | 2
Cyber Investigations           | Airport PA hack inquiry; Experian GDPR fine           | 2
Major Cyber Incidents          | China time centre claims; Envoy Air extortion wave    | 2
Exploits & Threat Intelligence | F5 patches post-breach; TikTok-pushed infostealers    | 2
Law Enforcement                | PowerSchool hacker sentenced                          | 1
Policy                         | China accuses U.S.; US/UK hit scam networks           | 2
Standards & Compliance         | NCSC annual review insights; Singapore patch bulletin | 2

Digital Forensics & Incident Response

Envoy Air confirms breach in Oracle-linked extortion wave — Envoy Air said it was hacked in recent days amid extortion attempts abusing Oracle E-Business Suite applications, with investigations underway and operations continuing (17-10-2025) [US]. DFIR teams should prepare for data-theft-plus-extortion playbooks and assess exposure to third-party ERP integrations commonly leveraged for initial access and data exfiltration (Source: Reuters, 17-10-2025).

Prosper breach impacts 17.6 million accounts, HIBP says — Have I Been Pwned warned that threat actors stole data on more than 17.6 million people from peer-to-peer lender Prosper, with notifications surfacing in the last 72 hours (16-10-2025) [US]. Incident responders should anticipate credential-stuffing fallout, prioritize password resets and dark-web monitoring, and validate data lineage to scope regulatory reporting (Source: BleepingComputer, 16-10-2025).

Cyber Investigations

Airport PA systems hacked to broadcast extremist messages — Police in Canada and the US are investigating intrusions where airport public-address systems were used to play propaganda messages, with federal agencies assisting affected facilities (16-10-2025) [AMER]. The case highlights converged OT/IT risks in public venues and the need for hardened audio/visual management systems and credential governance (Source: Reuters, 16-10-2025).

Experian Netherlands fined €2.7m under GDPR — Dutch authorities fined Experian’s local unit for unlawfully collecting and processing personal data at scale, ordering remedial actions and transparency measures (19-10-2025) [EU]. The ruling adds legal pressure around data brokerage practices and will inform investigative work into data misuse, third-party enrichment feeds, and compliance risk (Source: BleepingComputer, 19-10-2025).

Major Cyber Incidents

China accuses U.S. of cyber breaches at National Time Service Center — China’s security ministry alleged sustained intrusions targeting the national time centre that could have affected communications, finance and power systems (19-10-2025) [APAC]. The claim underscores critical-infrastructure timing dependencies and the geopolitical spillover IR teams must consider when assessing attribution and sector impacts (Source: Reuters, 19-10-2025).

Envoy Air hack tied to Oracle E-Business Suite exploitation — American Airlines’ largest regional carrier confirmed a recent hack amid an extortion campaign abusing Oracle EBS applications; investigations are ongoing (17-10-2025) [US]. Aviation sector defenders should check ERP integrations, audit service accounts, and monitor for data-theft extortion patterns leveraging enterprise app misconfigurations (Source: Reuters, 17-10-2025).

Exploits & Threat Intelligence

F5 releases BIG-IP patches after breach exposed undisclosed flaws — F5 shipped updates addressing BIG-IP vulnerabilities days after disclosing state-backed access and theft of source code and bug details; US officials warned of targeting against federal networks (15-10-2025) [US]. Threat teams should prioritize patching, review device exposure, and track exploitation attempts aligning with recent emergency directives to mitigate cascade risk (Source: BleepingComputer, 15-10-2025).

ClickFix campaigns push info-stealers via TikTok tutorials — Researchers reported ongoing social-media-driven “ClickFix” lures distributing info-stealers such as Aura, with the latest findings published on 19-10-2025 [Global]. SOC teams should strengthen app-control policies, detect signed-installer abuse, and block known delivery chains that piggyback on user-help content (Source: BleepingComputer, 19-10-2025).

Law Enforcement

PowerSchool hacker sentenced to four years in U.S. federal court — A 20-year-old Massachusetts man received a four-year sentence and over $14 million in restitution for hacking PowerSchool and stealing data on tens of millions of students and teachers (14-10-2025) [US]. The case shows increasing penalties for large-scale data theft and signals continued collaboration between federal prosecutors and education-sector victims (Source: Reuters, 14-10-2025).

Policy

Beijing escalates cyber policy dispute with allegations against U.S. — China publicly accused the U.S. of multi-year intrusions into its National Time Service Center and warned of systemic risks to national infrastructure (19-10-2025) [APAC]. The move raises diplomatic temperature ahead of standards talks and may prompt reciprocal controls, impacting cross-border incident cooperation and disclosures (Source: Reuters, 19-10-2025).

US and UK target transnational scam networks with sanctions — The U.S. Treasury, with UK partners, designated a Southeast Asia scam network as a transnational criminal organization and cut off another from the U.S. financial system (14-10-2025) [US/EU/APAC]. The action tightens financial pressure on cyber-enabled fraud operations and signals a coordinated use of sanctions alongside law-enforcement disruption (Source: U.S. Treasury, 14-10-2025).

Standards & Compliance

NCSC Annual Review 2025 highlights resilience and ACD at scale — The UK NCSC’s latest annual review (published this week) outlines national resilience efforts, sector trends and the expanded Active Cyber Defence service footprint (14-10-2025) [UK]. Security leaders can map programme priorities to the review’s guidance to benchmark controls, incident readiness and supplier-risk expectations (Source: NCSC, 14-10-2025).

Singapore issues October patch guidance for critical updates — The Cyber Security Agency of Singapore published its monthly bulletin calling out critical patches from major vendors and urging timely updates (15-10-2025) [APAC]. The advisory is a useful compliance cue for patch SLAs and helps APAC operators align maintenance windows with current exploitation trends (Source: CSA Singapore, 15-10-2025).

Editorial Perspective

This 48-hour window shows the continued blending of geopolitical tension with enterprise risk, from China’s timing-infrastructure claims to aviation-sector extortion attempts. F5’s post-breach patch cycle reinforces how supplier compromises ripple into emergency directives and accelerated change windows.

Investigations around airport PA intrusions and GDPR enforcement against data brokers emphasise that basic access controls and lawful processing remain decisive controls. DFIR teams should re-validate ERP integrations, device exposure, and social-media-borne malware delivery paths.

Policy levers—sanctions, guidance and public attributions—are increasingly shaping adversary operating costs, so tracking these moves is now part of operational threat intelligence.

Tags

DFIR, ransomware, F5, Oracle E-Business Suite, aviation security, ERP security, sanctions, GDPR, Active Cyber Defence, threat intelligence
