
Snapshot Summary
| Sector / Section | Headline Highlights | Count | 
|---|---|---|
| DFIR & Incident Response | Exchange server hardening guidance lands in AU & US; joint best-practice playbooks emphasize segmentation, MFA, and logging hygiene. | 2 | 
| Cyber Investigations | CISA confirms active exploitation (KEV) for XWiki & VMware; U.S. DoJ secures guilty plea in defense trade-secret case tied to Russian broker. | 2 | 
| Major Cyber Incidents | Nation-state breach disclosed at U.S. telecom backbone vendor; Conduent begins mass notifications exceeding 10M affected. | 2 | 
| Exploits & Threat Intelligence | Bronze Butler targets Japan with living-off-the-land tools; new ICS advisories detail Hitachi TropOS radio vuln chains. | 2 | 
| Law Enforcement | Conti suspect extradited from Ireland to U.S.; ex-defense contractor GM pleads guilty to selling trade secrets to Russian intermediary. | 2 | 
| Policy | Government playbooks for Exchange security released in AU and U.S., aligning on baseline controls and hardening priorities. | 2 | 
| Standards & Compliance | CISA orders agencies to patch VMware Tools KEV; EV charging V2G stack (ISO 15118-2) flagged with multiple ICS flaws. | 2 | 
Digital Forensics & Incident Response
ACSC issues Exchange Server hardening guidance — The Australian Cyber Security Centre published actionable best practices for Microsoft Exchange deployments covering segmentation, MFA, logging, and patching (31-10-2025) [APAC]. This gives DFIR teams a current baseline to audit exposed mail systems and close common footholds seen in real-world intrusions (Source: ACSC, 31-10-2025).
CISA publishes Exchange best-practice guidance — CISA highlighted concrete steps to harden on-prem Exchange and reduce compromise risk across federal and critical infrastructure environments (30-10-2025) [AMER]. IR teams can use this as a checklist to validate controls post-incident and to pre-empt common persistence paths and credential theft (Source: CISA, 30-10-2025).
Cyber Investigations
CISA adds XWiki and VMware Tools bugs to KEV — Following evidence of exploitation, CISA added new entries to its Known Exploited Vulnerabilities catalog and set federal deadlines for remediation (30-10-2025) [AMER]. Forensic leads should prioritize detection and patch validation for these CVEs as they are actively abused in the wild (Source: CISA, 30-10-2025).
Sophos details Bronze Butler’s latest Japan-focused ops — Researchers tracked a long-running APT using LOLBins, DLL search-order hijacking, and staged exfil to target Japanese orgs (30-10-2025) [APAC]. The TTPs map cleanly to detection engineering opportunities (WinRM/LOLBin abuse, signed-binary proxying) for threat hunting (Source: Sophos X-Ops, 30-10-2025).
Major Cyber Incidents
Nation-state breach at U.S. telecom backbone vendor Ribbon Communications — Ribbon disclosed a long-dwell espionage intrusion dating back to December 2024 with access to customer files on laptops outside the main network (29-10-2025) [AMER]. DFIR teams supporting telco and adjacent suppliers should review supplier access, segregate laptop data, and expand compromise scope validation (Source: Reuters, 29-10-2025).
Conduent begins notifications after January breach impacts >10M people — Conduent said data stolen in a January 2025 incident affects more than 10 million individuals, with multi-state notices now underway (31-10-2025) [AMER]. Public-sector clients and integrators should prepare for downstream identity-fraud risk, rotate credentials/API keys, and validate third-party data flows (Source: SecurityWeek, 31-10-2025).
Exploits & Threat Intelligence
CISA warns on Hitachi Energy TropOS radio vulnerabilities — New ICS advisory describes flaws enabling remote code execution/DoS on industrial wireless routers used in utilities and transport (30-10-2025) [AMER/EMEA]. Asset owners should inventory TropOS deployments and apply mitigations/patches to prevent lateral movement across OT networks (Source: CISA ICS Advisory, 30-10-2025).
Vehicle-to-Grid (ISO 15118-2) stack issues flagged in ICS advisory — CISA outlined multiple vulnerabilities in EV charging communications implementations referencing ISO 15118-2 that could be abused to disrupt or pivot (30-10-2025) [Global]. Operators of EVSE/DER environments should review protocol handling, certificate management, and network segmentation to limit blast radius (Source: CISA ICS Advisory, 30-10-2025).
Law Enforcement
Conti suspect extradited from Ireland to the U.S. — A Ukrainian national was extradited and made an initial appearance in Tennessee on charges tied to Conti ransomware operations impacting over 1,000 victims (30-10-2025) [AMER/EMEA]. The case underscores sustained cross-border pressure on ransomware operators and offers new opportunities for intel-sharing and victim notification (Source: U.S. DoJ, 30-10-2025).
Ex-defense contractor GM pleads guilty in trade-secrets case — A former general manager admitted selling stolen U.S. defense trade secrets to a Russian broker as part of a broader criminal probe (29-10-2025) [AMER]. For DFIR teams supporting defense suppliers, the plea highlights insider and espionage vectors requiring strict data-loss monitoring and access review (Source: U.S. DoJ, 29-10-2025).
Policy
ACSC policy note: Exchange hardening for Australian networks — ACSC published a focused Exchange hardening guide with priority controls and logging requirements for higher assurance (31-10-2025) [APAC]. Policy-driven alignment lets CISOs mandate the same baselines across agencies and suppliers to shrink attack surface (Source: ACSC, 31-10-2025).
CISA Insights: Exchange best practices for U.S. enterprises — CISA’s guidance consolidates hardening, monitoring, and response expectations for Exchange environments across government and critical sectors (30-10-2025) [AMER]. Harmonizing federal expectations with industry practice helps procurement and compliance teams enforce minimum standards in contracts (Source: CISA, 30-10-2025).
Standards & Compliance
CISA orders federal agencies to patch VMware Tools KEV — Following KEV additions, CISA directed U.S. civilian agencies to remediate a VMware Tools privilege-escalation bug exploited since 2024 (31-10-2025) [AMER]. Teams operating under BOD 22-01 should verify asset coverage, patch timelines, and compensating controls where maintenance windows are constrained (Source: BleepingComputer, 31-10-2025).
ISO 15118-2 (V2G) implementations: compliance considerations — CISA’s advisory on EV charging communications highlights protocol and certificate handling weaknesses that intersect with ISO compliance (30-10-2025) [Global]. Compliance teams should align OT risk registers, supplier attestations, and pen-test scopes to the specific V2G attack paths identified (Source: CISA ICS Advisory, 30-10-2025).
Editorial Perspective
This 48-hour window shows a familiar pattern: mail infrastructure remains a prime target, and both ACSC and CISA are pushing convergent hardening guidance to close long-standing gaps.
At the same time, KEV updates and fresh ICS advisories reinforce that exploitation is active across IT and OT, with attackers leaning on living-off-the-land tradecraft and supplier weak points.
Priority actions: validate Exchange baselines, triage KEV coverage (incl. VMware Tools), and review EV charging/V2G and industrial wireless exposures in environments with any OT footprint.
Tags
DFIR, Cybersecurity News, Threat Intelligence, Ransomware, Law Enforcement, Compliance, EU CRA