Friday, December 5 2025
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 03-12-2025 10:29 to 05-12-2025 10:29 (UTC)

Snapshot Summary

Sector / Section                   Headline Highlights                             Count
DFIR & Incident Response           Proactive alerts, rising extortion pressure         3
Cyber Investigations               Cross-border piracy and scam probes                 2
Major Cyber Incidents              Ransomware and supplier breaches dominate           4
Exploits & Threat Intelligence     State malware, spyware, vendor extortion            3
Law Enforcement                    Coordinated crackdowns on crypto-fraud              3
Policy                             Regulators link enforcement to resilience           3
Standards & Compliance             AI-OT and ICS guidance expands                      3
Consumer App Data Leaks            Telecom and retail data exposures                   3

Digital Forensics & Incident Response

NCSC pilots proactive vulnerability alerts for UK organisations — The UK’s National Cyber Security Centre has begun testing its “Proactive Notifications” service, which automatically flags exposed and vulnerable devices in participating organisations so they can be fixed before attackers strike [EMEA]. This matters to DFIR teams because it converts national-scale scanning into targeted early warnings, shrinking attacker dwell time and creating a high-value queue of assets to investigate and patch (Source: BleepingComputer, 04-12-2025).

Report finds 44.5% surge in global cyber-extortion incidents — New Cy-X research cited by Asia-Pacific analysts shows a 44.5% year-on-year increase in cyber-extortion victims worldwide, with smaller organisations increasingly targeted due to weaker defences and slower incident response [APAC]. For DFIR practitioners, the trend underlines the need for rehearsed playbooks, faster triage of double-extortion cases, and closer monitoring of third-party vendors that attackers now see as easier routes into well-defended enterprises (Source: ITBrief Asia, 05-12-2025).

Analysis highlights the hidden business cost of cyber incidents — A UK-focused analysis of recent breaches breaks down how regulatory fines, downtime, legal fees and customer churn often dwarf initial ransom or remediation costs, especially when boards underfund incident readiness [EMEA]. The piece reinforces that mature IR programmes, tabletop exercises and strong evidence-handling processes are not “nice to haves” but core protections against long-tail financial damage and executive-level accountability (Source: CyberLab, 04-12-2025).

Cyber Investigations

German police raid suspected large-scale pay-TV piracy ring — Police in Germany have raided multiple locations in a long-running investigation into a gang accused of illegally sharing pay-TV smartcards and redistributing encrypted channels to a large customer base [EMEA]. The case underscores how law enforcement increasingly relies on forensic analysis of decoders, card-sharing servers and payment records to dismantle subscription-fraud ecosystems that erode broadcast revenue and fund wider organised crime (Source: BroadbandTVNews, 04-12-2025).

Hyderabad police probe ₹2.2 crore ‘digital arrest’ scam targeting seniors — Cybercrime units in Hyderabad are investigating two “digital arrest” frauds in which senior citizens were coerced over video calls by impostors posing as investigators, ultimately transferring more than ₹2.2 crore under threat of fabricated charges [APAC]. For investigators, the cases highlight how behavioural evidence from call recordings, WhatsApp metadata and money flows is crucial to tracing highly mobile scam teams and their mule networks (Source: Times of India, 05-12-2025).

Major Cyber Incidents

Ransomware attack on Marquis Software Solutions impacts 74 US banks — Marketing and compliance vendor Marquis Software Solutions has confirmed a ransomware intrusion that exploited a SonicWall device and ultimately exposed data on more than 400,000 customers across 74 banks and credit unions [AMER]. The case reinforces third-party risk concerns for financial institutions that depend on shared platforms, underscoring the need for stronger vendor oversight, segmentation and detailed contract language around incident reporting and forensic cooperation (Source: SC Media, 04-12-2025).

Inotiv confirms theft of personal data in ransomware attack — US pharmaceutical services firm Inotiv is notifying 9,542 affected individuals after a ransomware intrusion led to exfiltration of names, addresses, Social Security numbers and some financial and medical details from its systems [AMER]. For DFIR teams in life-sciences, the breach illustrates how research and trial ecosystems remain attractive high-value targets and why strong logging, encryption and breach-response coordination with regulators are essential (Source: SecurityWeek, 04-12-2025).

Japan’s Askul confirms data leak after major cyberattack — Japanese e-commerce and logistics company Askul has acknowledged that customer and partner information was leaked externally following a significant cyberattack, and is still working to notify affected parties and restore operations [APAC]. The incident highlights how operational technology, logistics platforms and customer databases are increasingly intertwined, demanding integrated incident-response plans that address both business continuity and evidence preservation (Source: Hyperight, 03-12-2025).

US universities join victim list of Oracle EBS hacking campaign — The University of Pennsylvania and the University of Phoenix have disclosed data breaches linked to an Oracle E-Business Suite exploitation campaign that has also hit other major institutions [AMER]. For higher-education networks, the incident underscores how shared ERP platforms can become single points of failure and why coordinated patching, logging and cross-institutional threat intelligence are vital to limit cascading compromise (Source: SecurityWeek, 03-12-2025).

Exploits & Threat Intelligence

US and Canada warn critical infrastructure about Chinese ‘Brickstorm’ backdoor — A joint advisory from US and Canadian agencies details “Brickstorm,” a sophisticated backdoor used by Chinese state-linked actors to maintain long-term access to VMware vSphere environments in government and IT networks [Global]. The campaign shows how deeply embedded footholds can be used for future disruption or sabotage, reinforcing calls for rigorous patching, virtualisation hardening and continuous monitoring of administrative activity (Source: Reuters, 04-12-2025).

‘ShadyPanda’ campaign turns trusted browser extensions into spyware — Researchers have detailed a seven-year operation dubbed ShadyPanda that weaponised 145 Chrome and Edge extensions, ultimately harvesting browsing data and enabling remote code execution on an estimated 4.3 million devices [Global]. The findings highlight a dangerous blind spot in extension vetting and update controls, reminding defenders to treat browser add-ons as part of the attack surface and to include them in threat hunting and user-awareness efforts (Source: Dark Reading, 03-12-2025).

Everest ransomware gang claims ASUS breach and demands negotiation — The Everest ransomware group says it has stolen over 1TB of data from hardware giant ASUS, including camera source code, and is publicly pressuring the company to respond on its leak site [APAC]. Even without full confirmation, the claim shows how data-theft gangs weaponise publicity and supply-chain fears to raise pressure, pushing vendors to strengthen third-party security, code protection and crisis communications plans (Source: SC Media, 03-12-2025).

Law Enforcement

Europol-led operation dismantles €700m crypto fraud and laundering network — Europol has coordinated raids across eight countries to break up a sprawling cryptocurrency investment fraud ring that laundered more than €700 million through fake platforms, call centres and sophisticated money flows [EMEA]. For cybercrime fighters, the case demonstrates how joint financial intelligence, crypto-transaction tracing and coordinated seizure of digital assets can meaningfully disrupt industrial-scale scam operations (Source: Europol, 04-12-2025).

Thailand seizes $300m in assets in regional cyberscam crackdown — Thai authorities have seized more than $300 million in assets and issued 42 arrest warrants targeting alleged cyberscam networks linked to Chinese-Cambodian tycoons operating across South-East Asia [APAC]. The crackdown shows how financial crime, human trafficking and online fraud intersect, and signals that regional law enforcement is increasingly willing to pursue cross-border kingpins rather than just low-level call-centre operators (Source: The Guardian, 04-12-2025).

Ahmedabad police investigate ‘digital arrest’ scam costing victim ₹15.2 lakh — In Gujarat, a retired government employee lost ₹15.2 lakh after fraudsters posing as Mumbai Police and Enforcement Directorate officials used video calls, forged warrants and intimidation to force repeated bank transfers [APAC]. The investigation underlines the importance of rapid reporting to cybercrime helplines, as early freezes can still recover funds, and shows why public awareness of impersonation tactics is now a core cybercrime-prevention tool (Source: Times of India, 05-12-2025).

Policy

FinCEN says global law enforcement pressure cut ransomware payments in 2024 — The US Financial Crimes Enforcement Network reports that recorded ransomware incidents and associated payments fell in 2024 following major disruptions of two high-profile gangs and stronger reporting requirements for financial institutions [AMER]. For policy-makers and CISOs, the data suggests coordinated takedowns and tighter AML controls can shift attacker economics, but also warns that actors may pivot to less visible extortion models (Source: PYMNTS, 04-12-2025).

UK Post Office reprimanded, not fined, over breach exposing Horizon victims’ data — The UK Information Commissioner’s Office has formally reprimanded, but not fined, the Post Office after an unredacted legal document exposed names and addresses of hundreds of wrongfully convicted sub-postmasters online [EMEA]. The decision raises questions for privacy and legal teams about how regulators balance harm and intent, and reinforces the need for rigorous data-handling controls around highly sensitive case files (Source: The Guardian, 03-12-2025).

South Korea’s president pushes tougher penalties after Coupang mega-breach — Following a breach affecting 33.7 million Coupang customers, South Korea’s President Lee Jae Myung has called for stronger data protection laws and harsher sanctions for firms that fail to safeguard personal information [APAC]. The move shows how large-scale consumer incidents can rapidly translate into regulatory change, and it signals to security leaders across the region that board-level accountability for privacy failures is intensifying (Source: Times of India, 03-12-2025).

Standards & Compliance

Global cyber agencies issue joint AI security guidance for OT environments — A new 25-page guide from CISA and partner agencies sets out four principles for safely integrating AI into operational technology, including robust risk assessment, secure design and continuous monitoring of AI-enabled control systems [Global]. Critical-infrastructure operators can treat this as an emerging baseline for AI governance, mapping it against existing NIST and IEC frameworks to avoid unsafe experimentation in production plants (Source: SecurityWeek, 04-12-2025).

CISA publishes nine new ICS advisories across multiple vendors — CISA has released nine Industrial Control Systems advisories covering high-severity vulnerabilities in widely used ICS products, urging asset owners to apply patches, limit network exposure and implement compensating controls where fixes are unavailable [AMER]. For compliance teams operating under critical-infrastructure regulations, these advisories effectively become to-do lists, with unremediated flaws likely to draw scrutiny from regulators and cyber insurers alike (Source: CISA, 04-12-2025).

Two new flaws added to CISA’s Known Exploited Vulnerabilities catalog — CISA has added an OpenPLC ScadaBR issue and an Android Framework vulnerability to its KEV catalog, obliging US federal agencies to patch within defined timelines and strongly signalling active exploitation in the wild [AMER]. Security leaders beyond government should treat KEV entries as prioritised patch queues, building them into risk-based vulnerability management and monitoring for exploitation attempts in their own environments (Source: CISA, 02-12-2025).
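As an added example (not code from the page, CISA or any vendor), this is one way to turn KEV entries into the prioritised patch queue described above: match the catalog's vendorProject/product fields against an asset inventory and order the hits by due date. The feed sample is constructed in the public KEV JSON shape with placeholder CVE ids, and the inventory hostnames and the ExampleVendor products are invented.

```python
import json
from datetime import date

# Constructed sample in the public KEV JSON shape; the CVE ids are placeholders,
# not real catalog entries, and the ExampleVendor product is invented.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-00001", "vendorProject": "OpenPLC", "product": "ScadaBR",
     "dateAdded": "2025-12-02", "dueDate": "2025-12-23",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-00002", "vendorProject": "Android", "product": "Framework",
     "dateAdded": "2025-12-02", "dueDate": "2025-12-23",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-00003", "vendorProject": "ExampleVendor", "product": "ExampleCMS",
     "dateAdded": "2025-10-30", "dueDate": "2025-11-20",
     "knownRansomwareCampaignUse": "Known"},
]})

# Constructed asset inventory (hypothetical hostnames); db-02 has no KEV match.
INVENTORY = [
    {"host": "plc-gw-01", "vendor": "OpenPLC", "product": "ScadaBR"},
    {"host": "field-tablet-07", "vendor": "Android", "product": "Framework"},
    {"host": "web-01", "vendor": "ExampleVendor", "product": "ExampleCMS"},
    {"host": "db-02", "vendor": "ExampleVendor", "product": "ExampleDB"},
]


def patch_queue(feed_json, inventory, today_iso):
    """Match KEV entries to inventory and return them most urgent first:
    overdue entries, then earliest due date, then ransomware-linked CVEs."""
    today = date.fromisoformat(today_iso)
    by_product = {}
    for entry in json.loads(feed_json)["vulnerabilities"]:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        by_product.setdefault(key, []).append(entry)
    queue = []
    for asset in inventory:
        key = (asset["vendor"].lower(), asset["product"].lower())
        for entry in by_product.get(key, []):
            due = date.fromisoformat(entry["dueDate"])
            queue.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "due": due,
                "days_left": (due - today).days,   # negative means overdue
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            })
    # False sorts before True, so overdue items (days_left < 0) come first.
    queue.sort(key=lambda q: (q["days_left"] >= 0, q["due"], not q["ransomware"]))
    return queue
```

Replacing KEV_FEED with the live catalog download and INVENTORY with CMDB or scanner output gives the same ordered queue for a real environment.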

Consumer App Data Leaks

Freedom Mobile discloses data breach impacting Canadian subscribers — Canadian carrier Freedom Mobile has revealed that attackers compromised its customer account management platform and accessed personal data belonging to an undisclosed number of subscribers, though passwords and payment information were reportedly not exposed [AMER]. The incident highlights the ongoing attractiveness of telecoms as identity-data troves and reminds defenders to harden self-service portals, API integrations and downstream identity-proofing workflows (Source: BleepingComputer, 03-12-2025).

Leroy Merlin France loyalty programme breach exposes customer PII — Home improvement retailer Leroy Merlin has confirmed that a cyberattack on its French loyalty systems exposed customer names, contact details, dates of birth and loyalty-programme information, raising fears of targeted phishing against DIY shoppers [EMEA]. The case illustrates how retailers’ marketing and analytics platforms can become high-value targets, and why privacy-by-design and tokenisation should extend beyond payment systems into loyalty and CRM data (Source: Rescana, 03-12-2025).

French Football Federation breach leaks data on millions of members — The French Football Federation has confirmed a breach in an administrative system that exposed personally identifiable information for club members, including names, contact details and licence numbers, though banking data was not affected [EMEA]. Sports bodies and membership organisations should treat the case as a warning that fan and participant databases are prime targets for credential-stuffing, phishing and scalping scams (Source: TechRadar Pro, 02-12-2025).

Editorial Perspective

Across this 48-hour window the pattern is clear: defenders are being squeezed from both ends, with sophisticated state-backed operations like Brickstorm sitting alongside industrialised cyber-extortion and highly convincing social-engineering scams aimed at ordinary citizens.

At the same time, regulators and law enforcement are starting to land heavier blows, from Europol’s €700 million crypto-fraud takedown to FinCEN’s data showing that coordinated action can materially reduce ransomware payments.

For DFIR and security teams, the priority is to turn this momentum into daily practice: hardening third-party relationships, closing basic exposure gaps flagged by services like Proactive Notifications, and ensuring evidence, logs and governance are strong enough to support the next investigation, not just the next patch cycle.

Tags

DFIR, Cybersecurity News, Ransomware, Threat Intelligence, Law Enforcement, Cyber Policy, Standards & Compliance, Data Breaches, Critical Infrastructure, Consumer Apps
