Wednesday, June 3 2026
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 2026-06-01 00:00 to 2026-06-03 23:59 (UTC)

Snapshot Summary

| Sector / Section | Headline Highlights | Count |
|---|---|---|
| Digital Investigations | Education platform exposures | 2 |
| Cyber Investigations | Ransomware tooling probes | 2 |
| Major Cyber Incidents | AI and aviation risk | 2 |
| Exploits & Threat Intelligence | Android and PAN-OS exploitation | 2 |
| Law Enforcement | Cybercrime capability actions | 2 |
| Policy & Standards | AI cyber governance | 2 |

Digital Investigations

India’s CBSE Class 12 verification and re-evaluation portal was reportedly targeted by a suspected cyberattack hours after launch, affecting a high-stakes education workflow handling student records and marking data. Investigators should preserve portal logs, OSM access trails, researcher disclosures and administrator actions to establish whether the event was probing, attempted compromise or exploitation of exposed examination infrastructure. (Source: Times of India, 03-06-2026)

Claims of public cloud-storage exposure linked to JEE Advanced 2026 put IIT Roorkee’s examination platform under scrutiny in India, with the institute reportedly acknowledging the report and beginning corrective action. The case gives digital investigators a clear evidence path across bucket permissions, researcher timelines, cached artefacts, access logs and remediation records to determine exposure scope and whether any student data was accessed. (Source: Economic Times, 03-06-2026)

Cyber Investigations

A threat actor is reportedly using an AI-built ransomware toolkit that automates EDR evasion and Active Directory discovery, indicating AMER-focused investigative interest around faster intrusion staging and operator-assisted deployment. Forensic teams should prioritise command-line telemetry, generated script artefacts, directory-enumeration output and endpoint-control bypass attempts because automated tooling can compress the interval between initial access and extortion preparation. (Source: BleepingComputer, 02-06-2026)

Unit 42 updated its analysis of npm supply-chain attacks after a June 2026 campaign compromised packages under the @redhat-cloud-services namespace, creating a global software-investigation problem for development and cloud teams. Investigators should correlate package versions, GitHub account activity, orphan commits, CI/CD logs and downstream dependency usage to identify where malicious code entered build pipelines and whether secrets or deployment tokens were exposed. (Source: Unit 42, 03-06-2026)

Major Cyber Incidents

Hong Kong’s securities regulator warned licensed firms of increasingly sophisticated AI-driven cyber threats, putting APAC financial institutions on notice that targeted attack capability is changing faster than legacy control testing. The alert matters for incident investigators because it raises the evidential value of phishing artefacts, model-assisted impersonation clues, anomalous account behaviour and board-level risk decisions when reconstructing how financial-sector intrusions are prepared. (Source: Reuters, 02-06-2026)

Australia-focused reporting tied recent denial-of-service and data-breach activity to a wider rise in cyber incidents affecting local organisations, including pressure from criminal groups and hacktivist operators. Digital investigators should treat distributed disruption, leak-site claims, access monetisation and extortion chatter as connected evidence streams, especially where public-facing outages obscure parallel credential theft or data-staging activity. (Source: Arnav Australia, 02-06-2026)

Exploits & Threat Intelligence

Google’s June Android security update addressed 124 flaws, including CVE-2025-48595, a privilege-escalation issue said to show signs of limited targeted exploitation across Android 14, 15 and 16 devices. Mobile investigators should focus on device build levels, exploit timing, privilege-change artefacts and app telemetry because targeted Android exploitation often supports surveillance, credential collection and selective evidence removal. (Source: The Hacker News, 03-06-2026)

Rapid7 updated its findings on active exploitation of CVE-2026-0257, a PAN-OS GlobalProtect authentication-bypass vulnerability that can allow unauthenticated VPN connection where vulnerable configurations are present. Network investigators should retain VPN gateway logs, GlobalProtect authentication traces, source IP clusters and post-connection telemetry, since the earliest confirmed exploitation preceded some patch availability and may not be visible through endpoint evidence alone. (Source: Rapid7, 03-06-2026)

Law Enforcement

The Record reported that a proposed U.S. cyber force would require up to $11 billion to establish and around 30,000 personnel, reflecting AMER law-enforcement and defence concern over operational cyber capacity. For investigators, the debate highlights persistent gaps in case intake, technical attribution, evidence handling and cross-agency coordination when state, criminal and infrastructure-targeting activity overlap. (Source: The Record, 03-06-2026)

Europol advertised a senior Lawful Access capability role tied to operational directorate work in The Hague, indicating continued EMEA investment in technical support for investigations involving encrypted communications and digital evidence. The posting is relevant because lawful-access capability shapes how investigators preserve chain of custody, request platform data, process seized devices and document proportionality in cross-border cybercrime cases. (Source: Europol, 02-06-2026)

Policy & Standards

The White House directed leading U.S. AI developers to voluntarily submit advanced models for government cybersecurity testing before public release, creating an AMER policy checkpoint for systems that may affect critical infrastructure. Investigators should monitor how testing records, vulnerability findings, release approvals and model-risk documentation become evidential artefacts after AI-enabled misuse, software exploitation or downstream infrastructure incidents. (Source: Reuters, 02-06-2026)

The European Central Bank said it will ask banks for targeted measures against AI-related cyber risk, signalling EMEA supervisory pressure on financial institutions to reassess resilience, governance and expertise. The move matters for investigations because board decisions, third-party AI dependencies, cloud exposure and security-control uplift plans may become central records when reconstructing foreseeability and preparedness after banking-sector incidents. (Source: Reuters, 03-06-2026)

Editorial Perspective

This cycle shows how digital investigations increasingly begin outside the traditional enterprise boundary, with education platforms, mobile devices, cloud storage, package registries and AI governance records all becoming relevant evidence sources. Investigators need repeatable intake processes that preserve first reports, researcher communications, access logs and remediation timelines before systems are changed. Evidential integrity depends on capturing volatile platform state quickly while maintaining a defensible record of who knew what, when and how decisions were made.

Attribution capability is also becoming more dependent on cross-platform correlation rather than a single decisive artefact. VPN telemetry, software-supply-chain commits, mobile exploitation indicators, cloud permissions and regulatory correspondence may all need to be aligned to reconstruct intent and scope. Organisations that map evidence owners in advance will be better positioned to support legal review, regulator engagement and law-enforcement referral without weakening the chain of custody.

Tags

Digital Investigations, Evidence Preservation, AI Cyber Risk, Android Exploitation, PAN-OS, npm Supply Chain, Education Data Exposure, Cloud Storage, Lawful Access, Financial Sector Security, Ransomware Tooling, Attribution
