
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | SonicWall attributes breach; NJ health center notifies after ransomware | 2 |
| Cyber Investigations | Nevada attack timeline; CBO probes contained intrusion | 2 |
| Major Cyber Incidents | Oracle-linked breach hits WaPo; Thai hospital claimed by Qilin | 2 |
| Exploits & Threat Intelligence | Android zero-day spyware; CISA ICS alerts; Cisco CCX under attack; Monsta FTP RCE | 4 |
| Law Enforcement | Europol hits fraud & laundering ring; US fines ed-tech over breach | 2 |
| Policy | ENISA warns on public-sector DDoS; CISA issues round of ICS advisories | 2 |
| Standards & Compliance | NCSC retires Mail/Web Check; global privacy & security update | 2 |
Digital Forensics & Incident Response
SonicWall attributes September cloud-backup breach to state-sponsored actor — SonicWall said its investigation into the September 2025 backup breach concluded a state-sponsored adversary was responsible, adding the intrusion was isolated and remediation is complete (06-11-2025) [US]. Attribution and scope updates help IR teams validate threat models, tune detections for similar TTPs, and prioritize third-party risk involving cloud backup workflows (Source: Cybersecurity-Review, 06-11-2025).
New Jersey health center discloses data breach tied to August ransomware attack — Central Jersey Medical Center began notifying affected individuals following an August ransomware incident that disrupted operations and led to data exfiltration (06-11-2025) [US]. Formal notification provides indicators and timelines DFIR teams can leverage to hunt for related activity in healthcare environments with similar third-party dependencies (Source: DataBreachToday, 06-11-2025).
Cyber Investigations
Nevada ransomware started months before discovery, state report finds — A Nevada report shows the August 2025 ransomware incident began in May via a disguised IT tool download, spread across decentralized systems, and cost ~$1.5M in recovery (06-11-2025) [US]. The chronology underscores dwell time reduction, centralized SOC visibility, and phishing controls as core IR lessons for public-sector defenders (Source: AP News, 06-11-2025).
US Congressional Budget Office confirms contained cybersecurity incident — The CBO said it contained an intrusion and deployed new monitoring after the Senate warned congressional offices that email exchanges with CBO might have been exposed (06-11-2025) [US]. Government investigations like this signal potential phishing and BEC follow-on risks for any entities interacting with compromised mailflows (Source: Reuters, 06-11-2025).
Major Cyber Incidents
Washington Post among victims of breach tied to Oracle software — The newspaper confirmed it was affected by a broader cyber incident linked to Oracle software, as organizations assess potential exposure and data access (06-11-2025) [US]. Media sector targeting and supply-chain dependencies make third-party SaaS control reviews and log triage urgent for potentially impacted tenants (Source: Reuters, 06-11-2025).
Qilin claims ransomware attack on Sai Mai Hospital in Thailand — Ransomware trackers observed a claim against Bangkok’s Sai Mai Hospital, indicating potential data exposure and extortion (06-11-2025) [APAC]. Healthcare operators should validate backups, segment clinical networks, and monitor for exfiltration beacons aligned to Qilin’s known playbook (Source: Ransomware.live, 06-11-2025).
Exploits & Threat Intelligence
‘Landfall’ spyware abused Android zero-day to target Samsung Galaxy devices — Researchers detailed a nearly year-long espionage campaign using a previously unknown Android vulnerability to deliver stealthy spyware to Galaxy phones (07-11-2025) [Global]. Mobile fleets should prioritize November Android patches, review EMM controls for sideloading, and hunt for Landfall IOCs on high-risk user sets (Source: TechCrunch, 07-11-2025).
CISA issues four ICS advisories covering Advantech, Ubia, and ABB — New advisories detail vulnerabilities across DeviceOn/iEdge, Ubox, and ABB FLXeon controllers, with fixes and mitigations for affected industrial deployments (06-11-2025) [US]. OT defenders should inventory impacted assets, apply vendor updates, and validate network segmentation between IT/OT zones (Source: CISA, 06-11-2025).
Cisco warns of new attack variants battering Unified CCX — Cisco highlighted active exploitation paths for CVE-2025-20354 and CVE-2025-20358 affecting Unified Contact Center Express and urged rapid upgrades to fixed releases (06-11-2025) [Global]. Voice/CC infrastructure often straddles IT/telephony boundaries, so teams should patch fast and monitor for RMI authentication failures and abnormal process spawns (Source: The Register, 06-11-2025).
Monsta FTP zero-day enables remote code execution — watchTowr Labs published details on CVE-2025-34299 enabling unauthenticated RCE in Monsta FTP, with exploitability observed during rapid-reaction testing (07-11-2025) [Global]. Internet-facing admin panels using Monsta FTP should be disabled or patched immediately and reviewed for webshells and anomalous logins (Source: watchTowr Labs, 07-11-2025).
Law Enforcement
Operation Chargeback dismantles card-fraud and laundering networks — Coordinated actions across Europe targeted three fraud and money-laundering networks affecting 4.3M cardholders and causing €300M in damages (04-11-2025) [EU]. The takedown highlights data-sharing between FIUs, banks and cyber units, informing red-flag indicators for DFIR teams investigating mule account activity (Source: Europol, 04-11-2025).
US ed-tech firm fined $5.1M over breach and poor security practices — California’s Attorney General imposed a multimillion-dollar penalty on an education technology provider after a breach exposed sensitive student data (06-11-2025) [US]. Regulatory enforcement raises stakes for weak controls around children’s data and will influence breach response negotiations and settlements (Source: The Record, 06-11-2025).
Policy
ENISA: public administrations face rising hacktivist DDoS campaigns — ENISA’s sector report and press note warn EU public bodies are increasingly targeted by DDoS, urging improved preparedness and mitigation (06-11-2025) [EU]. Policy attention on continuity and citizen-facing services should drive procurement of resilient hosting, scrubbing capacity, and runbooks for civic portals (Source: ENISA, 06-11-2025).
CISA issues a round of ICS advisories for critical infrastructure — CISA released four ICS advisories with vendor guidance for asset owners to reduce risk in industrial environments (06-11-2025) [US]. Federal alerting sustains a common baseline for OT risk management and procurement compliance across regulated sectors (Source: CISA, 06-11-2025).
Standards & Compliance
NCSC to retire Mail Check and Web Check by March 2026 — The UK NCSC advised organisations to plan alternatives for Mail Check and Web Check services ahead of deprecation deadlines (06-11-2025) [UK]. Governance and compliance teams should update security monitoring SLAs, procurement roadmaps, and service descriptions to maintain assurance coverage (Source: NCSC, 06-11-2025).
Global privacy & security update: November 2025 — A legal roundup highlights current regulatory changes and litigation themes organisations should track in privacy, cybersecurity, and incident reporting (07-11-2025) [Global]. Compliance officers can map these developments into internal control testing and breach-notification playbooks to reduce regulatory exposure (Source: The National Law Review, 07-11-2025).
Editorial Perspective
This cycle shows three concurrent pressures: supply-chain exposure (Oracle-linked breach), fast-moving exploit release (Monsta FTP, Cisco CCX), and public-sector disruption risk (ENISA’s DDoS warning).
DFIR teams should accelerate patch validation for Android/OT stacks and harden SaaS and voice platforms where authentication weaknesses persist.
Policy and enforcement actions signal a higher bar for resilience and data stewardship, particularly for healthcare and education providers handling sensitive records.
Tags
DFIR, ransomware, supply chain, Android, zero-day, ICS security, ENISA, NCSC, law enforcement, compliance
