Monday, May 4 2026
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 02-05-2026 to 04-05-2026 (UTC)

Snapshot Summary

Sector / Section                  Headline Highlights                          Count
Digital Investigations            Council exposure; supply-chain artefacts     2
Cyber Investigations              Sports data leak; espionage targeting        2
Major Cyber Incidents             Canvas breach; ransomware exploitation       2
Exploits & Threat Intelligence    cPanel attacks; OAuth abuse                  2
Law Enforcement                   Cargo theft; IOCTA findings                  2
Policy & Standards                Agentic AI; frontier models                  2

Digital Investigations

Kingborough Council is investigating a property-data exposure in Tasmania after a technical configuration issue made ArcGIS-linked ownership and occupancy data accessible online [APAC]. The inquiry has engaged legal and technical specialists, removed public access, and is assessing whether up to 26,000 property records were viewed or misused, with no current evidence of financial data exposure or system compromise. (Source: Herald Sun, 02-05-2026)

Checkmarx confirmed data theft from its GitHub environment after attackers abused its supply-chain position to publish malicious code and later exfiltrate repository-linked material [AMER]. The evidential trail places compromise activity across code publication, GitHub access and data removal, giving investigators a timeline for validating build artefacts, repository access logs, dependency trust paths and downstream customer exposure. (Source: SecurityWeek, 29-04-2026)

Cyber Investigations

The Asian Football Confederation and associated club datasets were allegedly breached, with passport scans, contracts, emails and player registration data offered through a cybercrime forum [APAC]. Investigators must now validate sample authenticity, trace data provenance across federation and club systems, separate opportunistic branding from credible attribution claims, and assess identity-fraud risk for more than 150,000 players and coaches. (Source: TechRadar, 30-04-2026)

Trend Micro researchers reported Shadow-Earth-053 targeting government, defence and critical infrastructure organisations across South, East and Southeast Asia, with spillover into a NATO member state [APAC]. The investigation centres on Exchange and IIS exploitation, persistence infrastructure, China-aligned tradecraft and victimology that may help correlate intrusion sets across regional government networks and strategically sensitive suppliers. (Source: Industrial Cyber, 04-05-2026)

Major Cyber Incidents

Instructure confirmed that attackers stole data from its Canvas learning platform, while ShinyHunters claimed responsibility and threatened publication of the material [AMER]. The exposed data reportedly includes names, email addresses, student ID numbers and user messages, making notification scope, tenant separation, message-content review and account-abuse monitoring central to the continuing investigation. (Source: BleepingComputer, 03-05-2026)

More than 40,000 servers were reportedly compromised in ongoing exploitation of a patched cPanel zero-day, with attacks linked to administrative access and ransomware deployment [Global]. The scale makes this a major hosting-sector incident, requiring server owners to examine control-panel logs, privilege changes, webroot modifications, encryption activity and indicators tied to CVE-2026-41940 exploitation. (Source: SecurityWeek, 04-05-2026)

Exploits & Threat Intelligence

Australia’s Cyber Security Centre warned of active exploitation of CVE-2026-41940 in cPanel and WHM, affecting exposed hosting infrastructure after emergency patches were released [APAC]. The advisory describes authentication bypass leading to control-panel access and potential remote code execution, giving defenders a clear basis for patch validation, internet-facing asset review and post-exploitation log examination. (Source: ASD ACSC, 01-05-2026)

ConsentFix v3 attacks were reported targeting Microsoft Azure environments through automated OAuth-abuse workflows promoted in criminal forums [Global]. The technique increases investigative pressure around consent grants, enterprise application creation, anomalous service-principal activity and cloud audit logs, especially where attackers attempt to bypass user suspicion by automating malicious authorisation flows. (Source: BleepingComputer, 02-05-2026)
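The item above lists the artefacts an investigator would pull for OAuth consent abuse: consent grants, enterprise application creation and service-principal activity in the cloud audit log. The script below is an added illustration of that correlation, not code from the roundup or from the BleepingComputer report it cites. It runs over constructed audit records written for this example (not real tenant data) in the shape of Microsoft Graph `directoryAudit` entries (activityDateTime, activityDisplayName, initiatedBy, targetResources); the allowlist of sanctioned applications and the ten-minute creation-to-consent window are assumptions chosen for the example, and the operation names are the ones Entra ID audit logs use as far as the author of this example is aware.

```python
"""Correlate Entra ID (Azure AD) audit events to surface suspicious OAuth consent grants.

Added example. The records below are constructed for illustration and mimic the
Microsoft Graph `directoryAudit` record shape; they do not come from any real tenant.
"""
import json
from datetime import datetime, timedelta

# Constructed sample audit log (one JSON record per line), not real tenant data.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(r) for r in [
    {"activityDateTime": "2026-05-02T08:14:03Z", "activityDisplayName": "Add service principal",
     "initiatedBy": {"user": {"userPrincipalName": "j.doe@example.com"}},
     "targetResources": [{"displayName": "Contoso-Payroll-Sync", "type": "ServicePrincipal"}]},
    {"activityDateTime": "2026-05-02T08:14:41Z", "activityDisplayName": "Consent to application",
     "initiatedBy": {"user": {"userPrincipalName": "j.doe@example.com"}},
     "targetResources": [{"displayName": "Contoso-Payroll-Sync", "type": "ServicePrincipal"}]},
    {"activityDateTime": "2026-05-02T10:02:00Z", "activityDisplayName": "Consent to application",
     "initiatedBy": {"user": {"userPrincipalName": "a.smith@example.com"}},
     "targetResources": [{"displayName": "Microsoft Teams", "type": "ServicePrincipal"}]},
    {"activityDateTime": "2026-05-03T01:45:10Z", "activityDisplayName": "Add application",
     "initiatedBy": {"user": {"userPrincipalName": "svc-backup@example.com"}},
     "targetResources": [{"displayName": "Mail Archive Helper", "type": "Application"}]},
    {"activityDateTime": "2026-05-03T01:45:55Z", "activityDisplayName": "Consent to application",
     "initiatedBy": {"user": {"userPrincipalName": "svc-backup@example.com"}},
     "targetResources": [{"displayName": "Mail Archive Helper", "type": "ServicePrincipal"}]},
])

# Assumed allowlist of sanctioned applications (hypothetical; a real tenant would maintain its own).
KNOWN_APPS = {"Microsoft Teams"}
# Assumed window: a consent granted this soon after the app or service principal
# was created is unusual for sanctioned software and typical of automated abuse flows.
CREATE_TO_CONSENT_WINDOW = timedelta(minutes=10)
CREATION_EVENTS = {"Add application", "Add service principal"}


def parse_audit_log(text):
    """Parse newline-delimited JSON audit records and sort them by timestamp."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["_ts"] = datetime.fromisoformat(rec["activityDateTime"].replace("Z", "+00:00"))
        records.append(rec)
    return sorted(records, key=lambda r: r["_ts"])


def initiator(rec):
    """User principal that performed the action, or a placeholder if absent."""
    return rec.get("initiatedBy", {}).get("user", {}).get("userPrincipalName", "<unknown>")


def target_name(rec):
    """Display name of the first target resource (the app or service principal)."""
    targets = rec.get("targetResources") or [{}]
    return targets[0].get("displayName", "<unknown>")


def find_suspicious_consents(text, known_apps=KNOWN_APPS, window=CREATE_TO_CONSENT_WINDOW):
    """Return one finding per consent to an app outside the allowlist, enriched with
    whether the app was created shortly before and whether the same identity did both."""
    records = parse_audit_log(text)
    creations = {}  # app display name -> (timestamp, initiator) of the latest creation event
    findings = []
    for rec in records:
        name = target_name(rec)
        if rec["activityDisplayName"] in CREATION_EVENTS:
            creations[name] = (rec["_ts"], initiator(rec))
            continue
        if rec["activityDisplayName"] != "Consent to application" or name in known_apps:
            continue
        reasons = ["consent to application outside the sanctioned list"]
        created = creations.get(name)
        if created and rec["_ts"] - created[0] <= window:
            reasons.append("consent within %s of app creation" % window)
            if created[1] == initiator(rec):
                reasons.append("same identity created and consented")
        findings.append({"time": rec["activityDateTime"], "user": initiator(rec),
                         "app": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_consents(SAMPLE_AUDIT_LOG):
        print(f["time"], f["user"], f["app"], "; ".join(f["reasons"]))
```

On the constructed log the script reports the two self-registered-and-consented applications and ignores the consent to Microsoft Teams. In a real investigation the same pass would be run over an export of the tenant's audit log, with the allowlist drawn from the organisation's own application inventory and the findings cross-checked against sign-in logs for the consenting accounts.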

Law Enforcement

The FBI warned of a surge in cyber-enabled cargo theft, with attackers targeting brokers and carriers through compromised accounts, deceptive instructions and logistics-sector impersonation [AMER]. For investigators, the alert links digital account abuse to physical goods diversion, requiring correlation between email compromise, load-board access, carrier identity evidence, shipment routing records and financial beneficiary tracing. (Source: SecurityWeek, 01-05-2026)

Europol’s IOCTA 2026 assessed cybercrime’s evolving threat landscape, highlighting automation, AI-enabled offending, DNS abuse and slow reporting as persistent barriers to disruption [EMEA]. The law-enforcement picture emphasises that cyber investigations increasingly depend on fast infrastructure reporting, cross-border data access, platform cooperation and evidence preservation before criminal services rotate domains, wallets or hosting providers. (Source: Europol, 04-05-2026)

Policy & Standards

Australia released joint guidance on cautious adoption of agentic AI services, warning that autonomous systems introduce security, governance and accountability risks beyond conventional software and generative AI [APAC]. The guidance is important for investigation teams because tool autonomy, delegated permissions and interconnected workflows can complicate evidence attribution, audit reconstruction and responsibility mapping after misuse or compromise. (Source: ASD ACSC, 01-05-2026)

Australia updated its assessment of frontier AI models and cyber security impact, setting out what advanced models likely can and cannot currently do for cyber risk [APAC]. The update helps organisations calibrate controls against realistic model-enabled threats, while giving investigators a baseline for distinguishing genuine AI-assisted activity from ordinary automation, scripting or social-engineering tradecraft. (Source: ASD ACSC, 30-04-2026)

Editorial Perspective

This roundup shows how digital investigations are increasingly defined by the quality of cross-platform evidence rather than by a single compromised system. Cloud identity records, code repositories, mapping tools, education platforms, hosting control panels and logistics accounts all create evidential fragments that must be preserved quickly and interpreted in context. The investigative burden is now to connect those fragments without overstating attribution or losing chain-of-custody discipline.

The most significant operational theme is the narrowing gap between technical compromise and real-world consequence. Stolen student messages, exposed property data, manipulated freight records and autonomous AI workflows each require investigators to understand both system artefacts and human impact. Readiness therefore depends on repeatable evidence capture, strong audit coverage, reliable source validation and the ability to correlate activity across organisational, cloud and jurisdictional boundaries.

Tags

Digital Investigations, Cyber Investigations, cPanel, CVE-2026-41940, ShinyHunters, Canvas, OAuth Abuse, Agentic AI, Europol, Cargo Theft, Critical Infrastructure, Evidence Correlation
