Wednesday, June 24 2026
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 22-06-2026 00:00 to 24-06-2026 00:00 (UTC)

Snapshot Summary

| Sector / Section | Headline Highlights | Count |
| --- | --- | --- |
| Digital Investigations | Misconfiguration and supply-chain evidence | 2 |
| Cyber Investigations | Malware access and TfL attribution | 2 |
| Major Cyber Incidents | Banking and manufacturing disruption | 2 |
| Exploits & Threat Intelligence | WordPress and device flaws | 2 |
| Law Enforcement | Scam infrastructure and cyber pleas | 2 |
| Policy & Standards | AI risk and quantum security | 2 |

Digital Investigations

[AMER] WIRED reported that Dialog, an invitation-only network linked to senior political and technology figures, exposed member information through a publicly accessible website configuration rather than a confirmed external hack. Investigators should preserve the original page state, third-party form records, Airtable access trails, token exposure, takedown correspondence and internal statements to distinguish misconfiguration from intrusion (Source: WIRED, 24-06-2026).

[APAC] Tata Electronics confirmed a cybersecurity incident in India after files allegedly containing Apple and Tesla manufacturing material appeared online and threat actors claimed to hold a larger archive. The investigative priority is validating sample provenance, supplier boundaries, engineering-file metadata, access paths, exfiltration claims, client-notification records and whether copied documents originated from Tata systems or connected production partners (Source: Reuters, 22-06-2026).

Cyber Investigations

[GLOBAL] CryptoBandits malware was reported to operate as both an information stealer and a backdoor while abusing Tor and local proxying to conceal command-and-control traffic. Investigators should collect proxy artefacts, Tor process evidence, wallet-theft indicators, persistence keys, outbound connections, browser credential access and payload-staging records to separate one-off theft from continuing remote control (Source: SecurityWeek, 20-06-2026).

[EMEA] Two Scattered Spider members pleaded guilty in the United Kingdom over the Transport for London intrusion that forced mass password resets and caused major recovery costs. The case highlights investigative dependence on social-engineering evidence, Telegram communications, device captures, cryptocurrency holdings, internal access records, refund-system abuse and identity data that connect operational disruption to specific defendants (Source: The Record, 23-06-2026).

Major Cyber Incidents

[APAC] Bajaj Auto said a ransomware attack affected company systems and those of Bajaj Auto Technology in India, with response teams activating containment and mitigation measures. Investigators should preserve endpoint telemetry, production-system access records, backup status, ransomware notes, privilege escalation traces, supplier communications and board-level incident timelines before restored systems overwrite evidence (Source: Reuters, 23-06-2026).

[EMEA] Iran said card-based banking services were disrupted at Bank Melli, Bank Saderat and Bank Tejarat after cyberattacks affected payment, ATM, mobile-banking and point-of-sale operations. Evidence collection should cover banking gateway logs, card-processing dependencies, restoration steps, central-bank communications, mobile-app outage records, customer-impact reports and links to earlier attacks on shared financial infrastructure (Source: Reuters, 23-06-2026).

Exploits & Threat Intelligence

[GLOBAL] Attackers were reported to be exploiting CVE-2026-4020 in the Gravity SMTP WordPress plugin to expose API keys, OAuth tokens and other mail-configuration secrets. Investigators should retain plugin versions, WordPress administrator activity, exported configuration data, SMTP logs, outbound mail anomalies, API-key rotation records and evidence showing whether disclosed credentials were later abused (Source: The Hacker News, 20-06-2026).

[AMER] Researchers disclosed an unfixable hardware-level vulnerability affecting older Apple devices that could allow physical attackers to bypass startup controls and extract data before the operating system loads. Forensic teams should note device model, chip generation, chain-of-custody handling, physical-access risk, boot-state observations and extraction method documentation where affected phones, watches or tablets become evidential devices (Source: New York Post, 20-06-2026).

Law Enforcement

[AMER] U.S. authorities seized a cloud-computing account tied to Huione Group subsidiaries accused of supporting Southeast Asian investment scams, laundering and cyber-enabled crime. Investigators should preserve account metadata, hosted infrastructure, payment flows, customer records, domain mappings, wallet identifiers and links between cloud resources, scam compounds and laundering services before defendants or affiliates can reconstitute operations (Source: The Record, 23-06-2026).

[AMER] The U.S. Treasury announced action against Huione Group, cutting it off from the U.S. financial system over alleged laundering linked to DPRK activity and Southeast Asian scam networks. The enforcement record creates useful evidence trails across correspondent banking, corporate subsidiaries, virtual-asset flows, sanctioned counterparties and financial intelligence that can support wider cyber-fraud and money-laundering investigations (Source: U.S. Treasury, 23-06-2026).

Policy & Standards

[GLOBAL] Five Eyes intelligence agencies warned that frontier AI models could transform offensive cyber capability within months, increasing pressure on governments and companies to improve patching, exposure reduction and defensive automation. The policy signal is that investigation teams should document AI-use assumptions, vulnerability-management decisions, access-control evidence and response readiness as part of future assurance and attribution reviews (Source: Reuters, 22-06-2026).

[AMER] The White House published an order and fact sheet accelerating post-quantum cryptography migration to protect sensitive government data and critical infrastructure from future cryptographic attacks. Investigators and governance teams should track high-value asset inventories, algorithm dependencies, key-establishment records, digital-signature migration plans, risk acceptances and evidence that legacy cryptography is being retired on defensible timelines (Source: White House, 22-06-2026).

Editorial Perspective

This cycle highlights the widening evidential perimeter around digital investigations. Misconfigured collaboration systems, supplier manufacturing archives, ransomware-hit production environments, bank payment infrastructure and cloud resources tied to scam networks all place important records outside a single organisational boundary. Investigators need collection plans that capture raw configuration state, access history, supplier communications and financial artefacts before public statements or containment activity narrow the record.

The policy environment is also compressing decision timelines. AI-enabled vulnerability discovery, accelerated patching expectations and post-quantum migration planning mean organisations must preserve evidence while changing systems quickly. That tension makes provenance, auditability and documented risk ownership central to defensible attribution, regulatory response and long-term resilience.

Tags

Digital Investigations, Tata Electronics, Bajaj Auto, Scattered Spider, CryptoBandits, Gravity SMTP, Huione Group, Five Eyes, Post-Quantum Cryptography, AI Security, Banking Cyberattack, Evidence Provenance
