
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | Uvalde schools restore systems post-ransomware; Pennsylvania AG update | 2 |
| Cyber Investigations | Supply-chain weak links; check-in tech scrutiny | 2 |
| Major Cyber Incidents | Europe-wide airport disruption; JLR shutdown | 2 |
| Exploits & Threat Intelligence | WatchGuard Firebox flaw; fresh ransomware posts | 2 |
| Law Enforcement | Hyderabad cyber-scam arrests | 1 |
| Policy | NIS2 and UK resilience bill focus on vendors | 1 |
| Standards & Compliance | — | 0 |
DFIR & Incident Response
Uvalde CISD restores critical tech ahead of school reopening after ransomware — The district says phone lines and essential systems are back online as recovery actions continue (21-09-2025) [US]. Rapid service restoration and staged re-enablement demonstrate practical IR sequencing for education environments with limited redundancy. (Source: KSAT, 21-09-2025).
Pennsylvania Attorney General’s Office posts formal update on ransomware incident — Officials detailed timeline and remediation steps following the August disclosure, noting continued investigation and safeguards (21-09-2025) [US]. The update offers process transparency and signals post-incident controls that DFIR teams can benchmark. (Source: DataBreaches.net, 21-09-2025).
Cyber Investigations
Investigations spotlight supply-chain ‘weak links’ as third-party breaches spike — Analysts cite rising compromises via vendors and managed service providers, with regulators moving to tighten accountability (22-09-2025) [Global]. DFIR teams should expand third-party telemetry and evidence retention to support upstream/downstream attributions. (Source: Financial Times, 22-09-2025).
Collins Aerospace check-in tech under scrutiny after airport disruption — Airlines reverted to manual processes as investigators assessed compromise pathways impacting multiple European hubs (21-09-2025) [EU]. The case underscores investigative dependency on supplier logs and coordinated evidence handling across carriers. (Source: The Guardian, 21-09-2025).
Major Cyber Incidents
Europe’s airports grapple with multi-day check-in disruption after cyberattack — Widespread delays persisted as remediation and vendor fixes rolled out, affecting carriers across major hubs (22-09-2025) [EU]. Aviation OT/IT interdependencies and shared vendor risk amplified operational impact. (Source: Reuters, 22-09-2025).
JLR cyberattack forces extended UK factory shutdowns, triggers supply-chain strain — Production halt stretched toward three weeks, impacting thousands of suppliers and workers as systems stayed offline (22-09-2025) [EU]. The incident illustrates just-in-time fragility and the cascading cost of manufacturing IT outages. (Source: WIRED, 22-09-2025).
Exploits & Threat Intelligence
WatchGuard warns of critical Firebox flaw (IKEv2 dynamic peer) — An out-of-bounds write in “iked” enables RCE on affected Fireware builds; patches and workarounds were issued (20-09-2025) [Global]. Prioritise upgrades; exposure often persists in hybrid BOVPN setups even after config changes. (Source: TechRadar Pro, 20-09-2025).
Ransomware trackers log fresh victim posts across US, EU and APAC — New listings (e.g., healthcare and manufacturing) surfaced, signalling active campaigns (21-09-2025) [Global]. Monitor for brand mentions and match against current IOCs; some crews post weeks after initial access, so a new listing may reflect an intrusion that began well before the post date. (Source: Ransomware.live, 21-09-2025).
Law Enforcement
Hyderabad cyber-scam arrests reported in stock-trading fraud case — Local media report two suspects detained in a ₹32 lakh investment-app scheme as cybercrime police expand the probe (20-09-2025) [APAC]. The case highlights cross-state fraud operations leveraging spoofed trading platforms and social engineering. (Source: Ground News (News18/RVCJ), 20-09-2025).
Policy
NIS2 and the UK’s forthcoming Cyber Security & Resilience Bill loom amid supplier breaches — Policymakers increasingly target third-party accountability as investigations tie major outages to vendor compromises (22-09-2025) [EU]. Compliance programmes should extend SBOM, vendor attestations and contract-level incident-reporting SLAs. (Source: Financial Times, 22-09-2025).
Standards & Compliance
Editorial Perspective
This 48-hour window reinforced a familiar pattern: the biggest operational shocks stemmed from supplier compromises. Aviation and automotive disruptions show how a single vendor’s failure can cascade into national-scale outages.
For DFIR teams, evidence collection beyond the perimeter is now table stakes — contract for vendor log access, retention guarantees and joint-IR playbooks before incidents happen.
Threat intel remains busy (WatchGuard Firebox flaw; fresh ransomware listings), so patch pipelines and containment drills should focus on edge devices and remote-access paths that attackers still reliably abuse.
Reference Reading
Tags
DFIR, ransomware, supply chain, airport disruption, manufacturing outage, WatchGuard, Firebox, policy, investigations, EU