
Snapshot Summary
Sector / Section | Headline Highlights | Count |
---|---|---|
DFIR & Incident Response | Pwn2Own 34 zero-days; Azure Blob attack chain | 2 |
Cyber Investigations | UK sextortion sentencing; Instagram grooming case | 2 |
Major Cyber Incidents | Muji hit via Askul; Verisure Sweden breach | 2 |
Exploits & Threat Intelligence | Oracle EBS exploited; CISA adds five KEVs; PassiveNeuron implants | 3 |
Law Enforcement | Child-abuse sextortion cases sentenced (UK) | 2 |
Policy | EU digital/AI updates; NCSC Oracle guidance | 2 |
Standards & Compliance | NIST supply-chain workshop; EU Cybersecurity Act update | 2 |
Digital Forensics & Incident Response
Pwn2Own Ireland day one sees researchers chain 34 zero-days — Security researchers exploited 34 unique zero-days on 21-10-2025 at Pwn2Own Cork, earning $522,500 in awards [EMEA]. Rapid weaponization highlights patch gaps and gives blue teams high-fidelity repros to harden browser/enterprise app attack surfaces and update detection content (Source: BleepingComputer, 21-10-2025).
Microsoft details end-to-end attack chains targeting Azure Blob Storage — On 20-10-2025 Microsoft outlined observed threat activity against Blob Storage and published detections and control mappings [US]. Guidance includes monitoring data-plane actions, hardening Defender for Storage, and hunting for exfil paths—useful for DFIR containment and cloud triage playbooks (Source: Microsoft Security Blog, 20-10-2025).
Cyber Investigations
North Yorkshire Police secure 24-year sentence in nationwide sextortion case — On 21-10-2025 a prolific online offender was jailed for 24 years after an investigation into 83 cyber-enabled child sexual abuse and sextortion offences [UK/EMEA]. The case demonstrates digital evidence handling across multiple forces and platforms and underlines the need for rapid preservation of platform metadata (Source: North Yorkshire Police, 21-10-2025).
Essex Police jails Instagram “model” groomer after online exploitation probe — Published 21-10-2025, Essex Police reported a 14-year custodial sentence following a multi-force online investigation into sexual exploitation facilitated via Instagram [UK/EMEA]. The case highlights open-source capture, warrant returns, and safeguarding workflows central to modern cyber-investigations (Source: Essex Police, 21-10-2025).
Major Cyber Incidents
Muji halts online sales after logistics partner Askul hit by ransomware — On 22-10-2025 Muji suspended online orders after a ransomware attack on partner Askul disrupted deliveries, website access and app services [APAC]. Third-party outage propagation underscores supply-chain risk mapping, contract IR clauses, and business-continuity testing for retailers (Source: Security Affairs, 22-10-2025).
Verisure reports Swedish subsidiary data breach affecting ~35,000 people — On 20-10-2025 Verisure disclosed unauthorized access at Alert Alarm in Sweden, with police opening an aggravated data breach investigation [EMEA]. Home-security providers should validate third-party hosting controls and rehearse customer notification workflows (Source: The Record, 20-10-2025).
Exploits & Threat Intelligence
CISA confirms Oracle E-Business Suite flaw is under active exploitation — On 21-10-2025 CISA confirmed exploitation of an Oracle EBS SSRF bug (tracked as CVE-2025-61884) and added it to the KEV list [US]. Oracle EBS admins should prioritize patching and add WAF rules/egress controls to blunt SSRF pivot paths (Source: BleepingComputer, 21-10-2025).
CISA adds five new entries to the Known Exploited Vulnerabilities catalog — On 20-10-2025 CISA expanded the KEV catalog based on evidence of active exploitation, setting remediation due dates for U.S. federal agencies [US]. KEV alignment helps enterprises prioritize patching and compensating controls for real-world exploited bugs (Source: CISA Alerts, 20-10-2025).
Kaspersky details “PassiveNeuron” APT with new implants and Cobalt Strike use — On 21-10-2025 researchers described government-targeting intrusions using previously unknown implants (“Neursite,” “NeuralExecutor”) and post-exploitation tooling [Global]. DFIR teams should add YARA/EDR hunts for indicators and TTPs tied to loader stages and lateral movement paths (Source: Securelist, 21-10-2025).
Law Enforcement
UK court hands down 24-year term in large cyber-enabled sextortion case — North Yorkshire Police reported sentencing on 21-10-2025 after a multi-location investigation spanning dozens of victims [UK/EMEA]. The outcome reflects increasing LE focus on online harm units and cross-jurisdiction digital forensics (Source: North Yorkshire Police, 21-10-2025).
Essex Police secure 14-year sentence for online exploitation via Instagram — Published 21-10-2025, the force highlighted collaborative online investigation methods culminating in conviction and extended licence [UK/EMEA]. For cyber units, the case reiterates the value of platform preservation orders and OSINT corroboration during suspect attribution (Source: Essex Police, 21-10-2025).
Policy
UK NCSC urges immediate mitigation for actively exploited Oracle E-Business Suite bug — The NCSC issued guidance urging UK organisations to take immediate action to mitigate an Oracle EBS vulnerability under active exploitation, updated 21-10-2025 [UK/EMEA]. Advisories like this drive coordinated patching across critical back-office systems and should be folded into change windows urgently (Source: NCSC, 21-10-2025).
European Commission updates on digital policy simplification and AI files — On 21-10-2025 the Commission provided updates to Council and Parliament on simplifying implementation across digital/AI initiatives, noting progress since prior mandates [EU/EMEA]. Policy cadence signals incoming compliance timelines and resourcing needs for CISOs tracking EU tech regulation (Source: European Commission – Digital Strategy, 21-10-2025).
Standards & Compliance
NIST hosts semiconductor traceability & provenance workshop — On 21-10-2025 NIST convened stakeholders in Gaithersburg and virtually to align practices for supply-chain traceability and provenance in semiconductors [US]. Outcomes influence future guidance and sector profiles relevant to SCRM and evidence handling in hardware incidents (Source: NIST CSRC Events, 21-10-2025).
EU Cybersecurity Act page updated; managed security services certification scope — The Commission’s Cybersecurity Act page (updated 21-10-2025) highlights the targeted amendment enabling future EU certification schemes for managed security services including IR and pen testing [EU]. Providers should monitor scheme criteria to prepare evidence packs and audit readiness (Source: European Commission – Digital Strategy, 21-10-2025).
Editorial Perspective
This cycle’s signal is clear: real-world exploitation is driving patch priorities—Oracle E-Business Suite joined KEV as researchers simultaneously burned 34 zero-days at Pwn2Own. Retail and home-security incidents show how third-party failures cascade rapidly into consumer-facing disruption.
DFIR teams should tighten controls around cloud data planes like Azure Blob, where Microsoft’s guidance maps directly to detections and containment. For investigations, UK cases reaffirm the importance of swift platform data preservation and trauma-informed victim handling.
On compliance, NIST and EU activity point to rising expectations on supply-chain traceability and service-provider certification—prepare documentation and test evidence now. Track KEV updates daily and timebox mitigations to close the window adversaries exploit first.
Tags
DFIR, ransomware, Oracle E-Business Suite, KEV, Azure Blob Storage, supply chain, EU policy, threat intelligence, UK law enforcement, APT