Kido nursery hackers say they deleted children’s data after backlash — The gang behind the Kido Schools breach issued an apology and claimed to remove child data after leaking sensitive records, prompting continued verification efforts with authorities (03-10-2025) [UK]. The case highlights the ethics of targeting minors and the importance of post-incident evidence handling and victim notification. (Source: The Times, 03-10-2025).

Forensic probe confirms PHI exposure at Superior Vision Service — Investigators determined an attacker accessed systems in late 2024; notifications began as fresh analysis tied the intrusion to potential PHI exposure (03-10-2025) [US]. The timeline underscores why DFIR teams must retain logs long-term and correlate historical access with current indicators before closing cases. (Source: HIPAA Journal, 03-10-2025).

Two Dutch teens arrested over alleged Europol spying attempt — Dutch authorities detained two 17-year-olds suspected of using Wi-Fi sniffers around Europol/Eurojust locations after a tip from intelligence services (02-10-2025) [EU]. Investigators report no systems compromise; the case signals growing youth recruitment into state-aligned reconnaissance and the need for perimeter wireless monitoring near sensitive sites. (Source: Computing, 02-10-2025).

Oracle warns of extortion emails hitting E-Business Suite customers — Oracle confirmed a wave of customer extortion tied to known vulnerabilities, following a Google warning about a high-volume campaign (03-10-2025) [US]. Ransom demands reportedly reach tens of millions, highlighting supply-chain risk where enterprise apps become leverage points. (Source: Reuters, 03-10-2025).

Ransomware halts Asahi shipments; Japan faces Super Dry shortage — Asahi Group suspended domestic shipments after a cyberattack crippled ordering and delivery systems, leaving production days from running dry (03-10-2025) [APAC]. The outage shows how logistics/system dependencies can eclipse plant capacity, with police notified and recovery timeline uncertain. (Source: The Guardian, 03-10-2025).

CISA adds five vulnerabilities to Known Exploited list — The KEV update includes Smartbedded Meteobridge CVE-2025-4008 and four additional flaws confirmed under active exploitation (02-10-2025) [US]. Organizations should prioritize KEV items for patching and validation, as exploitation evidence elevates risk beyond baseline CVSS scores. (Source: CISA, 02-10-2025).

Two fresh ICS advisories released for industrial operators — New advisories detail current ICS exposure and mitigations, reinforcing asset visibility and network segmentation best practices (02-10-2025) [Global]. Operators should fold advisories into change windows and validate compensating controls for internet-exposed OT gateways. (Source: CISA, 02-10-2025).

Two offenders sentenced in online child abuse case following NCA probe — A UK court handed down sentences of 15 years and eight years to two offenders after a National Crime Agency investigation (01-10-2025) [UK]. The case underlines law-enforcement prioritization of online exploitation and cross-border evidence handling. (Source: NCA, 01-10-2025).

US launches Cybersecurity Awareness Month 2025 — DHS and CISA kicked off October initiatives urging all sectors to strengthen basic cyber hygiene and incident readiness (29-09-2025) [US]. Campaign materials can support workforce drills and tabletop scenarios during elevated threat activity. (Source: CISA, 29-09-2025).

FCC data breach notification order back under review — The agency signaled reconsideration of its data-breach order after a court setback, with industry still seeking clarity on compliance timelines (01-10-2025) [US]. Outcome will shape reporting thresholds and timelines for telecoms and adjacent providers. (Source: Broadband Breakfast, 01-10-2025).

NCSC reopens applications for post-quantum crypto pilot — The UK’s NCSC expanded its PQC assurance pilot to help organizations validate migration paths and supplier claims (01-10-2025) [UK]. Early participation supports crypto-agility roadmaps and reduces future migration risk across identity and TLS. (Source: techUK / NCSC, 01-10-2025).

ENISA threat landscape: state-aligned and hacktivist risks intensify — New analysis highlights escalating state-aligned intrusions and hacktivism across EU sectors, guiding control priorities and tabletop assumptions (03-10-2025) [EU]. CISOs should align monitoring and third-party risk reviews with ENISA’s observed TTPs. (Source: Industrial Cyber summarizing ENISA, 03-10-2025).