Friday, October 24 2025
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 22-10-2025 to 24-10-2025 (UTC)

Snapshot Summary

Sector / Section                 Headline Highlights                                                        Count
DFIR & Incident Response         CISA issues 8 ICS advisories • Pwn2Own shows 34 zero-days                    2
Cyber Investigations             Western Sydney breach probe • Global ToolShell exploitation                  2
Major Cyber Incidents            23andMe settlement measures • BCBS Montana breach claims                     2
Exploits & Threat Intelligence   ToolShell on SharePoint • Lanscope EPM exploited • Five KEVs added           3
Law Enforcement                  $14B crypto seizure • LE-linked ISAC ransomware briefs                       2
Policy                           Microsoft on AI-driven attacks • NIST ISPAB and CSF 2.0                      2
Standards & Compliance           NIST CSF 2.0 profile • ISO/IEC 27404 IoT labelling                           2

Digital Forensics & Incident Response

CISA releases eight new ICS advisories across multiple OT products with mitigation guidance — CISA published eight ICS advisories urging asset owners to review, test, and apply mitigations for vendor-specific flaws (23-10-2025) [US]. Rapid triage and patch/testing plans are critical for DFIR teams in industrial environments to prevent lateral movement into production networks (Source: CISA, 23-10-2025).

Pwn2Own Ireland day one sees 34 unique zero-day bugs demonstrated against popular enterprise software — Security researchers earned $522,500 by demonstrating weaponised chains against widely deployed apps and services (21-10-2025) [EU]. Findings help IR teams pre-position detections, validate hardening, and inform tabletop exercises around realistic attack paths (Source: BleepingComputer, 21-10-2025).

Cyber Investigations

Western Sydney University confirms cyber incident and begins notifying affected individuals — The university linked the breach to data used in prior fraudulent emails and is coordinating with authorities and partners (23-10-2025) [APAC]. DFIR teams should prepare for victim assistance, scoping of accessed records, and structured evidence handling for law-enforcement liaison (Source: Western Sydney University, 23-10-2025).

Investigators track ToolShell exploitation of Microsoft SharePoint servers across four continents — Agencies and telecom/finance firms were among the targets as attackers leveraged CVE-2025-53770 for initial access (22-10-2025) [Global]. Case indicators help scope potentially compromised SharePoint instances and prioritise hunting for post-exploitation activity (Source: BleepingComputer, 22-10-2025).

Major Cyber Incidents

23andMe offers five years of “genetic monitoring” to victims under proposed $50M settlement — The move aims to mitigate long-tail harms from the 2023 data theft involving immutable DNA-related information (24-10-2025) [US]. Breach aftermath underscores minimising sensitive data retention and preparing for extended victim-risk management workflows (Source: The Wall Street Journal, 24-10-2025).

Blue Cross Blue Shield of Montana breach claims face investigation by law firm — Reports indicate potential exposure of personal information with legal review underway (23-10-2025) [US]. Healthcare DFIR teams should anticipate identity-theft fallout, coordinate with counsel on notification requirements, and preserve artifacts for discovery (Source: GlobeNewswire, 23-10-2025).

Exploits & Threat Intelligence

Active exploitation: Microsoft SharePoint targeted via ToolShell (CVE-2025-53770) — Government, academia, telecom and finance organisations are affected as attackers establish web-shell footholds (22-10-2025) [Global]. Patch guidance and hunting for web-shell artefacts and credential theft should be prioritised to contain persistence and lateral movement (Source: BleepingComputer, 22-10-2025).

CISA warns Motex Lanscope Endpoint Manager flaw is under active exploitation — Agencies report in-the-wild abuse of a critical vulnerability and urge inventory checks and immediate remediation (23-10-2025) [US/APAC]. Identify deployments, apply fixes, and review admin activity and outbound connections for compromise indicators (Source: BleepingComputer, 23-10-2025).

CISA adds five CVEs to the Known Exploited Vulnerabilities (KEV) Catalog — US federal agencies receive patch deadlines, with broader industry encouraged to align remediation SLAs to KEV entries (20-10-2025) [US]. Mapping KEV to internal risk registers and patch cadences is an evidence-based way to reduce breach likelihood (Source: CISA, 20-10-2025).

Law Enforcement

US announces $14B cryptocurrency seizure linked to cybercrime syndicates — Authorities said the operation aims to disrupt ransomware and related criminal ecosystems by constraining illicit cash-out channels (24-10-2025) [US]. For defenders, follow-on disruption can reduce monetisation options and open windows to identify affiliate infrastructure (Source: Dark Reading, 24-10-2025).

H-ISAC flags law-enforcement-linked ransomware reporting impacting manufacturing and aviation suppliers — Cross-sector briefings highlighted Qilin/Agenda activity and coordination cues for incident response (23-10-2025) [Global]. ISAC bulletins often include pre-disclosure indicators that can guide faster coordination with investigators and regulators (Source: AHA / H-ISAC, 23-10-2025).

Policy

Microsoft report details AI-driven scaling of phishing, identity abuse and cloud intrusions — The 2025 analysis outlines attacker use of AI to accelerate reconnaissance and exploitation across sectors (24-10-2025) [Global]. CISOs should update risk registers and control roadmaps to reflect AI-accelerated TTPs and identity resilience priorities (Source: Help Net Security, 24-10-2025).

NIST concludes October ISPAB meeting; CSF 2.0 sector profiles and SP 800 updates continue — Public sessions on 22–23 October focused on standards progress relevant to federal and industry programmes (22-10-2025 to 23-10-2025) [US]. Tracking these updates helps align governance and procurement with emerging best practice and federal guidance (Source: NIST CSRC, 23-10-2025).

Standards & Compliance

NIST’s CSF 2.0 Manufacturing Profile public draft remains open for feedback — Late-October sessions referenced adoption scenarios and mappings for OT/IIoT environments (29-09-2025; referenced 22–23-10-2025) [US]. Aligning OT controls to CSF 2.0 helps evidence compliance while reducing incident impact (Source: NIST CSRC, 29-09-2025).

ISO/IEC 27404:2025 sets framework for consumer IoT cybersecurity labelling programmes — The new standard outlines criteria that can map to procurement checks and home-working device policies (10-2025) [Global]. Adoption can reduce supply-chain risk by raising baseline security in consumer IoT used in enterprise contexts (Source: ISO, 10-2025).

Editorial Perspective

AI-accelerated tradecraft is shrinking defenders’ decision windows; identity, telemetry depth, and rapid containment are now table stakes.

Prioritise KEV-aligned patching, harden externally exposed SharePoint and EDR consoles, and rehearse cross-team comms for high-impact OT incidents.

Treat vendor advisories and ISAC briefs as operational inputs—convert them into concrete detections, allow-lists, and service-owner tasks within 24 hours.

For universities and healthcare providers, lock down data minimisation and breach-aftercare playbooks; victims need practical, long-tail protections.

Track evolving standards (NIST CSF 2.0 profiles, ISO/IEC 27404) to keep procurement and compliance aligned with real-world incident lessons.

Tags

DFIR, threat intelligence, ransomware, AI in cyber, KEV, ICS security, law enforcement, data breach, healthcare, ISO 27404
