
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| Digital Investigations | Taiwan incidents; Bengaluru fraud | 2 |
| Cyber Investigations | GitHub traces; IBM Italy | 2 |
| Major Cyber Incidents | Supply chains; malware roundups | 2 |
| Exploits & Threat Intelligence | TrapDoor; Laravel-Lang | 2 |
| Law Enforcement | Singapore SIMs; scam arrests | 2 |
| Policy & Standards | npm controls; DBIR lessons | 2 |
Digital Investigations
Taiwan’s Ministry of Digital Affairs said government agencies recorded 726 cybersecurity incidents in 2025, with fake messaging apps, ransomware and weak supply chains flagged as priority risks across APAC. The incident grading by confidentiality, integrity and availability gives investigators a useful triage model for separating routine artefact collection from higher-impact cases requiring cross-agency evidence preservation (Source: Taiwan News, 25-05-2026)
Karnataka cyber police arrested six suspects after a retired Bengaluru teacher lost Rs 24 crore in a “digital arrest” fraud, with a bank manager’s alert helping investigators intervene in APAC. Police said Rs 1.60 crore had been recovered from 22 accounts, underscoring the evidential value of rapid banking alerts, account-freeze workflows and mule-account mapping (Source: The Indian Express, 25-05-2026)
Cyber Investigations
Rescana reported that TeamPCP’s Megalodon campaign compromised 5,561 GitHub repositories through malicious CI/CD workflows, widening a software supply-chain investigation across AMER and global developer environments. The case highlights how workflow tokens, repository history and release artefacts become primary evidence when investigators reconstruct package provenance and downstream compromise paths (Source: Rescana, 24-05-2026)
Security Affairs said IBM confirmed and contained a cybersecurity incident affecting an Italian subsidiary, after reports linked the intrusion to Salt Typhoon activity in EMEA. The limited disclosure leaves investigators focused on externally visible downtime, service restoration timelines and attribution signals that must be corroborated against endpoint, identity and network telemetry (Source: Security Affairs, 24-05-2026)
Major Cyber Incidents
The Hacker News reported a TrapDoor supply-chain campaign distributing credential-stealing malware through npm, PyPI and Crates.io packages, with activity beginning on 22 May and affecting global developer ecosystems. For investigators, the cross-registry spread raises collection priorities around package manifests, maintainer accounts, download telemetry and build logs that can prove infection timing (Source: The Hacker News, 25-05-2026)
Malwarebytes’ weekly review highlighted active exploitation themes including critical Chrome flaws, Microsoft Defender vulnerabilities and a dismantled fake malware-signing service affecting users and enterprises across AMER, EMEA and APAC. The cluster matters because multiple independent incident streams can converge in investigations through shared signing artefacts, browser exploit traces and host-level telemetry (Source: Malwarebytes, 25-05-2026)
Exploits & Threat Intelligence
Rescana flagged compromised Laravel-Lang PHP packages delivering cross-platform credential-stealing malware, placing PHP application maintainers and Composer users in a global software-supply-chain risk window. Investigators should preserve package versions, install timestamps, outbound beaconing records and credential-access artefacts before automated clean-up erases evidence of developer workstation exposure (Source: Rescana, 24-05-2026)
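The three supply-chain items above (the Megalodon CI/CD compromises, the TrapDoor registry campaign and the Laravel-Lang packages) all turn on the same evidence question: which package versions were present on a host, and can that record be shown to be untampered after clean-up? The following is an added example, not code from any of the cited reports or vendors. It snapshots an npm lockfile (lockfileVersion 3 layout) into an integrity-hashed evidence manifest and compares it to a team-maintained known-good baseline; the lockfile, registry URLs and baseline below are constructed placeholders, and the same approach applies to composer.lock or pip freeze output.

```python
"""Snapshot an npm lockfile into an integrity-hashed evidence manifest and
compare it against a known-good baseline.

Added example; assumes an npm lockfileVersion 3 layout (the "packages" map)
and a baseline dict of {name: {"version": ..., "integrity": ...}} kept by
the team. Every input below is constructed for illustration.
"""
import hashlib
import json
from datetime import datetime, timezone

# Constructed lockfile: one dependency matching the baseline and one whose
# version and integrity have moved since the last reviewed release.
SAMPLE_LOCKFILE = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.example.invalid/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-AAAA",
        },
        "node_modules/color-util": {
            "version": "2.1.1",
            "resolved": "https://registry.example.invalid/color-util/-/color-util-2.1.1.tgz",
            "integrity": "sha512-CCCC",
        },
    },
}

# Constructed baseline recorded at the last reviewed release.
SAMPLE_BASELINE = {
    "left-pad": {"version": "1.3.0", "integrity": "sha512-AAAA"},
    "color-util": {"version": "2.1.0", "integrity": "sha512-BBBB"},
}


def extract_packages(lockfile):
    """Return one record per installed package from a v3 lockfile, sorted by name."""
    records = []
    for path, meta in lockfile.get("packages", {}).items():
        if path == "":  # root project entry, not a dependency
            continue
        name = path.split("node_modules/")[-1]  # handles nested node_modules paths
        records.append({
            "name": name,
            "version": meta.get("version"),
            "resolved": meta.get("resolved"),
            "integrity": meta.get("integrity"),
        })
    return sorted(records, key=lambda r: r["name"])


def _canonical_hash(obj):
    """SHA-256 over canonical JSON so the same content always hashes the same."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def build_evidence_manifest(lockfile, source_label, captured_at=None):
    """Hash each package record and the whole set so later tampering or
    clean-up can be detected against the preserved copy."""
    captured_at = captured_at or datetime.now(timezone.utc).isoformat()
    entries = [dict(r, record_sha256=_canonical_hash(r)) for r in extract_packages(lockfile)]
    return {
        "source": source_label,
        "captured_at": captured_at,
        "lockfile_sha256": _canonical_hash(lockfile),
        "package_count": len(entries),
        "packages": entries,
        "manifest_sha256": _canonical_hash(entries),
    }


def compare_to_baseline(lockfile, baseline):
    """Flag packages absent from the baseline or whose version/integrity moved;
    these are the entries to preserve and review first."""
    findings = []
    for rec in extract_packages(lockfile):
        expected = baseline.get(rec["name"])
        if expected is None:
            findings.append((rec["name"], "not_in_baseline"))
        elif rec["version"] != expected["version"]:
            findings.append((rec["name"], "version_changed"))
        elif rec["integrity"] != expected["integrity"]:
            findings.append((rec["name"], "integrity_mismatch"))
    return findings


if __name__ == "__main__":
    manifest = build_evidence_manifest(SAMPLE_LOCKFILE, "constructed:package-lock.json")
    print(json.dumps(manifest, indent=2))
    for name, reason in compare_to_baseline(SAMPLE_LOCKFILE, SAMPLE_BASELINE):
        print(f"REVIEW {name}: {reason}")
```

The manifest hash is computed over the sorted, canonicalised records rather than the raw file, so two captures of the same dependency set agree even if key order differs; store the manifest alongside the raw lockfile copy and the host's install timestamps so the chain from registry version to workstation can be reconstructed after the package manager has been cleaned up.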
Guardian Digital detailed calendar phishing attacks that use malicious invites to bypass traditional inbox-focused controls, affecting enterprise email environments across AMER and global SaaS tenants. The technique matters for evidence collection because calendar objects, meeting metadata, delegated permissions and identity-provider logs may hold the decisive proof of lure delivery and user interaction (Source: Guardian Digital, 24-05-2026)
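Because the invite object itself is the evidence in a calendar-phishing case, a triage step that pulls the organiser, attendees, timestamps and embedded links out of the .ics payload is worth having before the event is deleted from the tenant. The following is an added example, not Guardian Digital's code or any product's detection logic: it unfolds RFC 5545 line continuations, extracts the VEVENT metadata an investigator would preserve, and applies two constructed heuristics (organiser outside the tenant's domains, links to hosts outside those domains). The invite text, domains and allowlist are all placeholders.

```python
"""Triage a calendar invite (.ics) for lure indicators and extract the
metadata an investigator would preserve.

Added example; the invite text and domain allowlist are constructed, and the
heuristics (external organiser, links to unlisted hosts) are one possible
triage rule set, not any vendor's detection logic.
"""
import re

# Constructed iCalendar invite with a folded DESCRIPTION line; the organiser
# domain and link host are placeholders.
SAMPLE_INVITE = "\r\n".join([
    "BEGIN:VCALENDAR",
    "METHOD:REQUEST",
    "BEGIN:VEVENT",
    "UID:20260525T090000Z-1@mailer.example.invalid",
    "DTSTAMP:20260525T090000Z",
    "ORGANIZER;CN=Payroll Team:mailto:payroll@mailer.example.invalid",
    "ATTENDEE;ROLE=REQ-PARTICIPANT:mailto:alice@corp.example",
    "SUMMARY:Urgent: confirm your payroll details",
    "DESCRIPTION:Your payroll record needs verification before Friday. Sign in ",
    " at https://payroll-verify.example.invalid/login to avoid interruption.",
    "END:VEVENT",
    "END:VCALENDAR",
])

TRUSTED_DOMAINS = {"corp.example"}  # constructed allowlist of the tenant's own domains
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def unfold(ics_text):
    """Join RFC 5545 folded lines (continuations start with a space or tab)."""
    lines = []
    for raw in ics_text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_properties(ics_text):
    """Return {PROPERTY: value}; ATTENDEE is collected as a list and property
    parameters are kept under PROPERTY.params (e.g. ORGANIZER;CN=...)."""
    props = {}
    for line in unfold(ics_text):
        if line.startswith(("BEGIN:", "END:")) or ":" not in line:
            continue
        head, value = line.split(":", 1)
        name, *params = head.split(";")
        name = name.upper()
        if name == "ATTENDEE":
            props.setdefault("ATTENDEE", []).append(value)
            continue
        props.setdefault(name, value)  # keep the first occurrence
        if params:
            props[name + ".params"] = dict(p.split("=", 1) for p in params if "=" in p)
    return props


def mail_domain(value):
    """Domain of a mailto: value, lower-cased; None if not a mailto."""
    m = re.match(r"mailto:[^@]+@([^>\s]+)", value, re.IGNORECASE)
    return m.group(1).lower() if m else None


def url_host(url):
    """Host part of a URL without scheme, path or port."""
    return re.sub(r"^https?://", "", url, flags=re.IGNORECASE).split("/")[0].split(":")[0].lower()


def _is_trusted(host, trusted_domains):
    return host in trusted_domains or any(host.endswith("." + d) for d in trusted_domains)


def triage_invite(ics_text, trusted_domains):
    """Return (evidence record, list of findings) for one invite."""
    props = parse_properties(ics_text)
    organiser_domain = mail_domain(props.get("ORGANIZER", ""))
    urls = URL_RE.findall(props.get("DESCRIPTION", "") + " " + props.get("LOCATION", ""))
    findings = []
    if organiser_domain and not _is_trusted(organiser_domain, trusted_domains):
        findings.append(f"external_organizer:{organiser_domain}")
    for u in urls:
        host = url_host(u)
        if not _is_trusted(host, trusted_domains):
            findings.append(f"unlisted_link_host:{host}")
    evidence = {
        "uid": props.get("UID"),
        "dtstamp": props.get("DTSTAMP"),
        "method": props.get("METHOD"),
        "organizer": props.get("ORGANIZER"),
        "organizer_cn": props.get("ORGANIZER.params", {}).get("CN"),
        "attendees": props.get("ATTENDEE", []),
        "summary": props.get("SUMMARY"),
        "urls": urls,
    }
    return evidence, findings


if __name__ == "__main__":
    record, flags = triage_invite(SAMPLE_INVITE, TRUSTED_DOMAINS)
    print(record)
    print(flags)
```

The UID and DTSTAMP are the values to match against the identity-provider and mail-transport logs when establishing delivery time and user interaction; the heuristics are deliberately coarse and are a starting point for review, not a verdict.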
Law Enforcement
Singapore Police said 12 people would be charged between 25 and 29 May for suspected involvement in fraudulently registering postpaid SIM cards for monetary gain in APAC. The case shows why subscriber-registration records, device identifiers and activation trails remain central to linking scam infrastructure with human operators and mule networks (Source: Singapore Police Force, 23-05-2026)
Singapore Police described Operation Frontier+ III, a joint crackdown with Royal Malaysia Police that located a suspected scam-operations centre in Kuala Lumpur and led to local enforcement actions in APAC. The investigation illustrates how cross-border case conferences, bank-account intelligence and credential-surrender evidence help connect remote callers, account holders and platform access (Source: Singapore Police Force, 23-05-2026)
Policy & Standards
GitHub rolled out npm staged publishing and package-install controls, strengthening release governance for maintainers after repeated package-ecosystem attacks affecting global software supply chains. The controls matter because approval checkpoints, provenance logs and two-factor publishing gates can become evidential anchors when investigators determine whether a malicious release was authorised, hijacked or injected (Source: The Hacker News, 23-05-2026)
Help Net Security published lessons from the Verizon 2026 Data Breach Investigations Report, with fresh attention on vulnerability exploitation and board-level cyber-risk translation across AMER and global enterprises. For investigation leaders, the value is in aligning evidence collection with measurable exposure paths, repeatable breach patterns and executive reporting that preserves technical accuracy (Source: Help Net Security, 25-05-2026)
Editorial Perspective
This cycle shows that digital investigations increasingly start outside the compromised endpoint, in package registries, cloud workflows, banking alerts, subscriber records and SaaS metadata. Evidential integrity depends on collecting these distributed artefacts before automated remediation, token rotation or account suspension removes context. Teams should maintain playbooks that map each platform to the logs, identifiers and timestamps most likely to survive initial containment.
Attribution remains strongest when investigators correlate technical traces with operational infrastructure, financial movement and identity events rather than relying on single-source claims. Supply-chain cases especially require careful preservation of release history, maintainer access, CI/CD execution and downstream installation telemetry. Organisations that pre-authorise evidence access paths across legal, cloud, finance and communications teams will be better placed to reconstruct incidents quickly and defensibly.
Tags
Digital Investigations, Supply Chain Security, TrapDoor, Laravel-Lang, CI/CD Evidence, Scam Investigations, SIM Fraud, Calendar Phishing, Salt Typhoon, Package Registries, Evidence Preservation