Wednesday, April 29 2026
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 27-04-2026 10:30 to 29-04-2026 10:30 (UTC)

Snapshot Summary

Sector / Section                Headline Highlights              Count
Digital Investigations          GitHub evidence, vendor logs     2
Cyber Investigations            Extradition, fraud arrests       2
Major Cyber Incidents           Healthcare, utility intrusions   2
Exploits & Threat Intelligence  Windows zero-day, LiteLLM        2
Law Enforcement                 Black Axe, Tanzanian arrests     2
Policy & Standards              EU capability, IoT trust         2

Digital Investigations

Checkmarx confirmed in the United States and Israel [AMER/EMEA] that LAPSUS$ published data taken from its private GitHub environment after access linked to the Trivy supply-chain compromise. The company said a third-party forensic firm traced the exposed material to repository access, with investigators still assessing leaked data types and whether customer notification becomes necessary (Source: BleepingComputer, 28-04-2026).

Vimeo disclosed in the United States [AMER] that some user and customer data was accessed through the Anodot analytics platform, exposing email addresses and, in some cases, technical data, video titles and metadata. In response, the company has removed the Anodot integration, disabled credentials and notified law enforcement, giving investigators a third-party access path and database scope to validate (Source: SecurityWeek, 28-04-2026).

Cyber Investigations

US prosecutors said Xu Zewei was extradited from Italy to Houston [AMER/EMEA/APAC] over alleged HAFNIUM-linked intrusions and COVID-19 research targeting between 2020 and 2021. Court documents identify Ministry of State Security direction, Shanghai Powerock employment and alleged access to universities and researchers, giving investigators attribution, tasking and infrastructure evidence to test (Source: US Department of Justice, 27-04-2026).

Cyber police in Muzaffarpur, India [APAC], arrested two suspects from Patna after investigating an alleged Rs67 lakh digital-arrest fraud that used fake legal threats to coerce payments. The case turns on impersonation evidence, payment trails and victim communications, with investigators continuing to map the network behind staged law-enforcement pressure and money movement (Source: Times of India, 28-04-2026).

Major Cyber Incidents

Medtronic confirmed in the United States [AMER/Global] that its systems were hacked after ShinyHunters claimed theft of more than nine million personal records and terabytes of corporate information. The company said product, patient-safety, manufacturing and hospital customer networks were separated, while investigators work to identify what personal information may have been accessed (Source: SecurityWeek, 28-04-2026).

Itron disclosed in the United States [AMER/Global] that an unauthorised third party accessed certain systems at the energy and water management supplier serving utilities and cities worldwide. Its SEC filing says the company activated its response plan, used external advisers, notified law enforcement, removed the activity and saw no unauthorised activity in customer-hosted systems (Source: SEC, 24-04-2026).

Exploits & Threat Intelligence

CISA added CVE-2026-32202 to the Known Exploited Vulnerabilities catalogue in the United States [AMER] after Microsoft Windows systems were reported exposed to zero-day exploitation. Reporting links the flaw to incomplete remediation of an earlier remote code execution issue, with credential-theft risk from auto-parsed LNK files and federal patching required by 12-05-2026 (Source: BleepingComputer, 29-04-2026).

Attackers are exploiting a critical LiteLLM pre-authentication SQL injection flaw [Global] affecting the proxy API key verification path used by AI application infrastructure. The vulnerability can expose database contents, API keys, virtual keys and secrets, making logs, stolen credentials and downstream cloud activity central to compromise assessment and attribution (Source: BleepingComputer, 28-04-2026).
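The LiteLLM item describes the vulnerability class, a pre-authentication SQL injection in a key-verification path, rather than the affected code. The Python below is added here as an illustration and is not LiteLLM's code or code from the article: it places the generic vulnerable pattern (splicing an unauthenticated token into SQL, so a crafted token can match any row) beside a hardened lookup that binds the token as a query parameter and rejects tokens that do not fit the expected format before they reach the database. The `virtual_keys` table, the constructed key `sk-example-0001`, the `sk-` key format and all function names are assumptions made for this example.

```python
"""Added example (not LiteLLM's code): pre-authentication API-key lookup,
vulnerable string-formatted SQL beside a parameterised, format-checked form.

All names, the table layout and the sample key are constructed for this
illustration and do not describe the real LiteLLM code path.
"""
import re
import sqlite3
from typing import Optional

# Constructed key format assumed for the example: "sk-" followed by
# letters, digits or hyphens. Anything else is not a key and should never
# be handed to the database or a comparison routine.
KEY_PATTERN = re.compile(r"^sk-[A-Za-z0-9-]{8,128}$")

SAMPLE_KEY = "sk-example-0001"  # constructed sample key, owned by "team-a"


def build_db() -> sqlite3.Connection:
    """Create an in-memory key table holding one constructed virtual key."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE virtual_keys (token TEXT PRIMARY KEY, owner TEXT)")
    conn.execute("INSERT INTO virtual_keys VALUES (?, ?)", (SAMPLE_KEY, "team-a"))
    conn.commit()
    return conn


def looks_like_key(presented: str) -> bool:
    """Cheap pre-database check: does the presented value have key shape?
    A failure here is also the event a proxy should log, because a
    legitimate client never sends quotes or SQL keywords as a key."""
    return bool(KEY_PATTERN.fullmatch(presented))


def verify_key_unsafe(conn: sqlite3.Connection, presented: str) -> Optional[str]:
    """VULNERABLE pattern: the unauthenticated token is spliced into the SQL
    text. A token containing a quote changes the query's structure, so a
    value such as  x' OR '1'='1  matches every row and yields an owner
    without knowing any real key. Returns the owner or None."""
    query = f"SELECT owner FROM virtual_keys WHERE token = '{presented}'"
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def verify_key_safe(conn: sqlite3.Connection, presented: str) -> Optional[str]:
    """Hardened pattern: reject malformed input first, then bind the token as
    a parameter so the database treats it strictly as data. Returns the
    owner or None."""
    if not looks_like_key(presented):
        return None
    row = conn.execute(
        "SELECT owner FROM virtual_keys WHERE token = ?", (presented,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    crafted = "x' OR '1'='1"
    print("unsafe, real key   :", verify_key_unsafe(db, SAMPLE_KEY))
    print("unsafe, crafted key:", verify_key_unsafe(db, crafted))  # bypass
    print("safe,   real key   :", verify_key_safe(db, SAMPLE_KEY))
    print("safe,   crafted key:", verify_key_safe(db, crafted))    # None
```

The two functions run the same logical lookup; only the way the token reaches the query differs. For compromise assessment, the format check is also where a proxy gains a clean detection signal: requests whose presented key fails `looks_like_key` are worth logging with source address and timestamp, since they indicate probing of the authentication path rather than client error.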

Law Enforcement

Swiss authorities arrested ten suspected Black Axe members across several cantons [EMEA], including the alleged regional head for Southern Europe, after coordinated searches targeting cyber-enabled fraud. Europol-linked reporting describes romance scams, money laundering, hierarchical organisation and suspected facilitators, giving investigators seized-device, mule-account and victim-payment evidence to correlate across jurisdictions (Source: Help Net Security, 28-04-2026).

Police in Dar es Salaam, Tanzania [EMEA], arrested 37 people linked to online lending firms after allegations of cyberbullying, threats and abusive debt-collection conduct. The case gives investigators a regional digital-evidence problem involving device seizures, lending-app records, caller identities and message histories that may show organised intimidation rather than isolated harassment (Source: The Chanzo, 28-04-2026).

Policy & Standards

ENISA published its National Capabilities Assessment Framework 2.0 for EU member states [EMEA], updating a structured method for assessing national cybersecurity strategy maturity. The framework strengthens evidence-based policy review through indicators covering governance, capability-building, legal measures and cooperation, which can help investigators and national authorities identify readiness gaps before major cross-border cases emerge (Source: ENISA, 22-04-2026).

The European Commission reported an EU-funded ERATOSTHENES project milestone [EMEA], describing tests of a new approach to securing IoT devices in real-world settings. The work matters for connected-device evidence because identity, attestation and trust frameworks affect how investigators validate device provenance, telemetry integrity and compromise claims across consumer, industrial and public-service environments (Source: European Commission, 28-04-2026).

Editorial Perspective

This cycle shows how digital investigations now depend on evidence chains that cross repositories, analytics platforms, cloud services, payment systems and personal devices. The strongest cases are not built from a single log source, but from corroboration between access records, infrastructure artefacts, financial traces and seized-device content. That places renewed emphasis on collection discipline, time synchronisation, preservation of third-party records and defensible handling of externally hosted evidence.

The law-enforcement stories also reinforce the need to treat cyber-enabled fraud as a structured investigative problem, not merely a complaint-handling issue. Romance scams, digital-arrest fraud and abusive lending operations generate repeatable patterns across accounts, scripts, communications and mule networks. For organisations and investigators, readiness now means being able to identify those patterns quickly, preserve evidence before platforms rotate or delete data, and correlate activity across jurisdictions without weakening evidential integrity.

Tags

Digital Investigations, Cyber Investigations, ShinyHunters, LAPSUS$, HAFNIUM, LiteLLM, CVE-2026-32202, Black Axe, Supply Chain Security, IoT Security, Cyber Fraud, Evidence Integrity
