Wednesday, October 29 2025
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 27-10-2025 to 29-10-2025 (UTC)

Snapshot Summary

Focus Area                                     High-Level Summary                          Count
Digital Forensics & Incident Response          Admin Protection rollout; WSL encryptors    2
Cyber Investigations                           Qilin leak surge; Grid probe                2
Major Cyber Incidents                          Merkle breach; Svenska kraftnät             2
Threat Intelligence & Active Exploit Warnings  KEV updates; ICS advisories; DELMIA         3
Law Enforcement Updates                        Caller ID spoofing crackdown                1
Policy & Government Advisory                   NCSC Review; FCC rule; BSI AI               3
Standards & Compliance                         SC 27 work; ACSC guidance                   2

DFM 48-Hour Global Cybersecurity Roundup — 29-10-2025

Published: 29-10-2025

Digital Forensics & Incident Response

Windows 11 KB5067036 rolls out Administrator Protection — Microsoft began rolling out the optional KB5067036 update, introducing an Administrator Protection feature that enforces Windows Hello re-authentication for actions requiring elevated privileges (28-10-2025). This reduces silent privilege abuse and helps responders contain post-exploitation changes during live incidents.

Qilin ransomware abuses WSL to run Linux encryptors on Windows — Researchers observed Qilin operators executing Linux encryptors via Windows Subsystem for Linux to evade traditional Windows-focused defences (28-10-2025). DFIR teams should expand telemetry to WSL processes and hunt for cross-platform binaries and anomalous WSL activity during triage.
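As an added illustration of the hunting advice above (example code written for this roundup, not code from the original item or from any vendor), the script below scores constructed Sysmon-style process-creation events for three signals: a WSL launcher started by a non-interactive parent, wsl.exe invoked with exec/user/import switches, and a Linux command path that reaches into the Windows filesystem via /mnt/, plus an ELF magic check for cross-platform binaries staged on NTFS. The field names, the parent allow-list and the sample events are assumptions.

```python
"""Score Windows process-creation events for the WSL-hosted Linux execution
pattern above. Events are constructed for this example; field names follow
Sysmon Event ID 1 (Image, ParentImage, CommandLine)."""
from pathlib import PureWindowsPath

WSL_LAUNCHERS = {"wsl.exe", "wslhost.exe", "bash.exe"}   # hand-off to Linux userland
# Assumed allow-list of parents for an interactive WSL session; tune to baseline.
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe", "pwsh.exe",
                       "windowsterminal.exe"}
# wsl.exe switches that run a command as a chosen user or stage a distribution.
SUSPECT_SWITCHES = {"-e", "--exec", "-u", "--user", "--import", "--install"}
ELF_MAGIC = b"\x7fELF"

def is_elf(header):
    """A Linux binary staged on NTFS still begins with the ELF magic bytes."""
    return header[:4] == ELF_MAGIC

def score_event(ev):
    """Return the reasons an event looks like WSL-hosted Linux execution."""
    image = PureWindowsPath(ev["Image"]).name.lower()
    parent = PureWindowsPath(ev["ParentImage"]).name.lower()
    argv = ev["CommandLine"].lower().split()
    reasons = []
    if image not in WSL_LAUNCHERS:
        return reasons                      # not a WSL launcher: out of scope
    if parent not in INTERACTIVE_PARENTS:
        reasons.append("WSL launcher spawned by non-interactive parent " + parent)
    if SUSPECT_SWITCHES & set(argv):
        reasons.append("wsl.exe invoked with exec/user/import switch")
    if any(a.startswith("/mnt/") for a in argv):
        reasons.append("Linux command path reaches into the Windows filesystem")
    return reasons

def hunt(events):
    """Return (Image, reasons) for every event that raised at least one flag."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            hits.append((ev["Image"], reasons))
    return hits

SAMPLE_EVENTS = [  # constructed sample telemetry, not real logs
    {"Image": r"C:\Windows\System32\wsl.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "wsl.exe -d Ubuntu"},
    {"Image": r"C:\Windows\System32\wsl.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "wsl.exe -d Ubuntu -u root -e /mnt/c/Users/Public/enc"},
]
```

Feeding real Sysmon or EDR process events through hunt() only requires mapping their field names onto Image, ParentImage and CommandLine; the allow-list should be rebuilt from the estate's own baseline before the rule is used for alerting.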

Cyber Investigations

Qilin leak site surge prompts broader victim mapping — New analysis found Qilin claimed over 185 victims on its leak site in October, linking activity to incidents at Asahi, Sugar Land and Texas power companies (29-10-2025). Victimology clustering can guide attribution and information-sharing, helping defenders anticipate targeting and negotiate with better context.

Svenska kraftnät probes data breach after ransomware threat — Sweden’s power grid operator confirmed an investigation into a data breach tied to threats of leaking hundreds of gigabytes of internal data (28-10-2025). While operations were unaffected, investigators must validate third-party file transfer exposures and tighten segmentation around OT/IT boundaries.

Major Cyber Incidents

Dentsu subsidiary Merkle discloses breach impacting staff and clients — Dentsu reported that U.S. subsidiary Merkle suffered a cybersecurity incident exposing employee and client information (28-10-2025). Agencies handling large datasets should re-validate supplier access, rotate credentials, and monitor for data misuse following disclosure.

Sweden’s grid operator confirms limited breach; power supply unaffected — State-owned Svenska kraftnät confirmed a breach in an external file transfer solution with no impact on electricity transmission (28-10-2025). Critical infrastructure operators must isolate auxiliary data systems and enforce strict egress controls to deny attackers extortion leverage.

Threat Intelligence & Active Exploit Warnings

CISA adds actively exploited vulnerabilities to KEV catalog — CISA updated the Known Exploited Vulnerabilities catalog, including new entries linked to ongoing exploitation against U.S. networks (28-10-2025). KEV deadlines drive patch prioritisation: map assets, validate exposure, and document remediation within the agency-mandated timelines.

CISA publishes multiple ICS advisories including Rockwell and Siemens — CISA released a tranche of ICS advisories detailing affected products, CVSS scores, and mitigations for Rockwell, Siemens and other vendors (28-10-2025). OT security teams should align mitigations with change windows and monitor for public exploit code targeting exposed industrial systems.

CISA flags exploitation of Dassault DELMIA Apriso flaws — CISA warned that threat actors are actively exploiting two vulnerabilities in Dassault Systèmes’ DELMIA Apriso manufacturing platform (28-10-2025). Manufacturing organisations should patch urgently, increase EDR visibility on MES servers, and review vendor-to-plant network trust.

Law Enforcement Updates

Europol urges action against caller ID spoofing — Europol issued a position calling for a coordinated EU response to caller ID spoofing that enables large-scale fraud and social engineering (27-10-2025). Closer cooperation between telecom operators and law enforcement, together with caller authentication standards, can cut vishing losses and reduce the incident volumes facing SOCs.

Policy & Government Advisory

NCSC publishes Annual Review 2025 spotlighting UK cyber resilience — The UK NCSC released its 2025 Annual Review outlining threat trends, major incidents and public-private initiatives (28-10-2025). CISOs can benchmark programmes against NCSC priorities and adopt the recommended controls for supply-chain and critical sector risks.

FCC adopts new rule to give consumers more caller ID data to fight robocalls — The U.S. FCC adopted a rule expanding caller ID data to curb robocalls, with emphasis on overseas-originated traffic (28-10-2025). Telecom and security teams should update analytics and STIR/SHAKEN policies; less spoofing means more reliable caller data during incident triage.

BSI flags widening AI governance gap in UK organisations — BSI warned that firms are investing in AI without adequate oversight, creating a ‘governance gap’ and compliance risks (28-10-2025). Risk owners should align AI deployments with recognised governance frameworks and assurance processes to pre-empt regulatory action.

Standards & Compliance

ISO/IEC JTC 1/SC 27 highlights active work on security & privacy standards — ISO updated public details for SC 27 working groups spanning ISMS, cryptography, evaluation and identity/privacy technologies (29-10-2025). Tracking SC 27 work helps teams anticipate upcoming control requirements and plan compliance roadmaps.

Australia’s Cyber.gov.au posts Awareness Month briefing and guidance — Australia’s ACSC published fresh guidance and events for Cyber Security Awareness Month, including leadership briefings (29-10-2025). Use the official guidance to refresh policy baselines and staff training, aligning controls with ACSC’s Information Security Manual.

📝 Editorial Perspective

Ransomware crews adapted quickly this week, with Qilin blending Windows and Linux tooling via WSL to sidestep legacy controls. Meanwhile, Microsoft’s new Administrator Protection raises the bar for silent privilege abuse on endpoints.

On the policy front, the FCC’s robocall rule and Europol’s push against caller ID spoofing converge on the same attacker advantage: identity ambiguity. Expect downstream benefits for fraud detection as telecom data quality improves.

For operators, CISA’s fresh KEV entries and ICS advisories reinforce a simple cadence: map exposure, patch what matters, and monitor MES/OT edges. Keep hunts tuned for cross-platform execution and anomalous WSL activity.

🏷️ Tags

DFIR, Cybersecurity News, Threat Intelligence, Ransomware, Law Enforcement, Compliance, EU CRA
