
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | Ransomware defences and G7 playbook | 2 |
| Cyber Investigations | UK councils and Horizon breach scrutiny | 2 |
| Major Cyber Incidents | Coupang megabreach, Devman hits finance | 2 |
| Exploits & Threat Intelligence | React2Shell exploitation, Android zero-days | 2 |
| Law Enforcement | India cracks high-value cyber fraud rings | 2 |
| Policy | Portugal safe harbour and UK DUAA | 2 |
| Standards & Compliance | Germany NIS2 law, ISO 27001 screening | 2 |
| Consumer App Data Leaks | OpenAI API leak, Japanese platform breach | 2 |
Digital Forensics & Incident Response
Half of manufacturers now stop ransomware before encryption, Sophos reports — A new Sophos study finds that 50% of manufacturing organisations can now halt ransomware attacks before encryption, reflecting sharper detection, response playbooks and SOC maturity in plants across Europe, Asia and the Americas [Global]. The report warns, however, that adversaries are pivoting to pure data-theft and extortion models, meaning DFIR teams must double down on containment, dark-web monitoring and negotiation readiness rather than relying solely on backup-led recovery (Source: The Times of India, 05-12-2025).
G7 issues playbook for collective incident response in finance — HM Treasury has published G7 “Fundamental Elements of Collective Cyber Incident Response and Recovery” for the financial sector, outlining how regulators, banks and market infrastructures should co-ordinate during major cyber events [EMEA]. For DFIR leaders, the guidance formalises expectations around cross-border information sharing, joint exercises and recovery planning, raising the bar for tabletop scenarios and stressing that fragmented responses can quickly turn an incident into a systemic crisis (Source: HM Treasury, 03-12-2025).
Cyber Investigations
London councils warn of data breach as recovery set to take weeks — Kensington and Chelsea, Hammersmith and Fulham, and Westminster councils in London have confirmed a major cyber incident, warning residents of a likely data breach while digital services are gradually restored over the coming weeks [EMEA]. The tri-borough investigation, led with the National Cyber Security Centre and police support, illustrates how intertwined local-government systems can amplify impact and why digital forensics, log retention and supplier oversight are critical to scoping multi-tenant compromises (Source: PublicTechnology, 02-12-2025).
ICO reprimands Post Office over Horizon scandal data breach — The UK Information Commissioner’s Office has formally reprimanded the Post Office after an unredacted settlement document exposed names and home addresses of hundreds of wrongly prosecuted sub-postmasters linked to the Horizon IT scandal [EMEA]. Investigators found weak publication checks, poor staff training and missing governance around sensitive datasets, underscoring how even non-technical errors can have serious evidential and safeguarding implications for organisations already under intense legal scrutiny (Source: Cyber Security Review, 04-12-2025).
Major Cyber Incidents
Coupang breach exposes data of 33.7 million customers — South Korean e-commerce giant Coupang has disclosed a five-month intrusion that exfiltrated personal information for 33.7 million users, including names, email addresses, phone numbers and delivery details before detection in November [APAC]. The scale and dwell time make this one of Asia’s largest data breaches in a decade, triggering regulatory probes, class-action moves and renewed scrutiny of access controls around encryption keys and privileged insiders in high-growth platforms (Source: SecurityWeek, 02-12-2025).
Devman ransomware gang claims attack on financial organisation — The Devman ransomware group has claimed responsibility for compromising “FinanceOrg,” threatening to leak stolen financial records, medical cards and HR documents unless its extortion demands are met [AMER]. While details remain limited, the case reinforces how mid-tier financial entities remain prime targets for double-extortion crews, highlighting the need for strong backup segregation, data-loss monitoring and legal readiness for potential regulatory notification and customer redress (Source: Dexpose, 07-12-2025).
Exploits & Threat Intelligence
Amazon warns of Chinese campaigns exploiting React2Shell flaw — Amazon has reported ongoing attempts by Chinese state-aligned hackers to exploit the critical React2Shell (CVE-2025-55182) vulnerability against cloud customers, following emergency hardening of its own infrastructure [Global]. The advisory stresses that unpatched React Server Components stacks present an attractive RCE path for supply-chain and SaaS compromises, making rapid patching, WAF tuning, rigorous dependency inventory and attack-surface management urgent priorities for developers and defenders (Source: Industrial Cyber, 08-12-2025).
Android December update fixes two exploited zero-days — Google’s December 2025 Android Security Bulletin patches more than 100 vulnerabilities, including two Framework zero-days (CVE-2025-48633 and CVE-2025-48572) already exploited in targeted attacks, likely linked to commercial spyware operators [Global]. For mobile-focused DFIR and MDM teams, the release underscores the need to prioritise patch rollout, verify fleet coverage and monitor for exploitation artefacts on high-risk devices, especially those of executives and journalists travelling across jurisdictions (Source: SecurityWeek, 02-12-2025).
Law Enforcement
High school dropout arrested in “digital arrest” extortion ring — Uttar Pradesh’s Special Task Force has arrested a 40-year-old high-school dropout who allegedly managed money-laundering and account operations for a “digital arrest” scam syndicate that extorted nearly ₹95 lakh from a Lucknow professor through staged video calls and forged legal notices [APAC]. The case shows how organised gangs industrialise social-engineering scripts, layering hundreds of micro-transactions to obfuscate flows, and highlights the importance of rapid banking co-operation and financial-forensics skills in cyber units (Source: The Times of India, 06-12-2025).
Uttarakhand Police bust Dubai-trained online betting fraud gang — Uttarakhand Police have dismantled a cyber-fraud network allegedly trained in Dubai that used fake “Fairplay” betting platforms and mule accounts across several Indian states to siphon crores of rupees from victims [APAC]. Seizures of devices, SIM cards and identity documents provide rich artefacts for digital forensics, while the operation underlines how cross-border training hubs and payment rails are increasingly central to large-scale cyber-enabled economic crime (Source: The420.in, 07-12-2025).
Policy
Portugal updates cybercrime law to protect good-faith researchers — Portugal has amended its cybercrime legislation to create a legal safe harbour for good-faith security research, carving out exemptions for activities such as vulnerability probing and responsible disclosure when conducted under strict conditions [EMEA]. The move, welcomed by the security community, offers a blueprint for balancing offensive-tool abuse concerns with the need for transparent testing, and may influence how other EU states implement NIS2 and related frameworks (Source: BleepingComputer, 07-12-2025).
Guidance published on UK Data (Use and Access) Act 2025 — New analysis of the UK’s Data (Use and Access) Act 2025 highlights how phased implementation over the Christmas period will reshape data-sharing, algorithmic access and state reuse of private-sector datasets [EMEA]. For CISOs and DPOs, the Act introduces fresh governance, logging and DPIA expectations around secondary use, meaning security and privacy teams must collaborate closely to keep forensic visibility while meeting tighter statutory transparency and accountability requirements (Source: Bridewell, 03-12-2025).
Standards & Compliance
Germany passes NIS2 implementation law with stricter security duties — Germany has adopted its NIS2 Implementation Act, updating the BSI Act and sectoral laws to impose tougher cyber-risk management, incident reporting and supply-chain due-diligence requirements on thousands of operators and digital providers [EMEA]. Compliance teams now face mandatory measures spanning contingency planning, staff training and third-party oversight, with national authorities empowered to enforce fines and validate industry-specific standards, making proactive gap assessments urgent ahead of first audits (Source: Freshfields Technology Quotient, 06-12-2025).
Updated guidance on ISO 27001 Annex A 6.1 screening — New ISO 27001:2022 Annex A 6.1 guidance emphasises risk-based personnel screening, requiring organisations to tailor background checks and ongoing evidence collection to the sensitivity of systems and data each role can access [Global]. For compliance and HR teams, the update reframes screening as a continuous control with auditable records, directly linking people-risk management to certification status, customer assurances and the defensibility of security governance in post-incident reviews (Source: ISMS.online, 01-12-2025).
Consumer App Data Leaks
Third-party breach exposes OpenAI API user account metadata — OpenAI has confirmed that a breach at a third-party analytics provider exposed API customer account information, including names, email addresses, locations, user-agent data and account identifiers, though model prompts and payment details were reportedly unaffected [AMER]. The incident is a reminder that even security-conscious AI platforms inherit risk from SaaS telemetry and marketing stacks, demanding rigorous vendor assessments, data-minimisation and separate monitoring of non-core “shadow” integrations (Source: CPO Magazine, 04-12-2025).
Breach at Japanese online platform www.toc.co.jp raises user privacy concerns — A recent breach at Japanese web platform www.toc.co.jp has potentially exposed sensitive customer data from a large local user base, after attackers compromised systems expected to uphold strict confidentiality controls [APAC]. The case underlines how regional consumer portals, not just global Big Tech apps, carry significant privacy and fraud risk, reinforcing the need for robust logging, timely notification and clear guidance to users on credential resets and phishing defences (Source: Shamis & Gentile, P.A., 06-12-2025).
Editorial Perspective
This 48-hour window shows cyber risk consolidating around a familiar triad: large-scale data breaches, commodity ransomware and regulatory tightening. From Coupang’s megabreach to Devman’s latest victim, extortion economics continue to reward attackers who can quietly dwell in networks for months before detection.
At the same time, governments and standards bodies are hardening expectations, with Portugal’s safe harbour for researchers, Germany’s NIS2 implementation and refreshed ISO screening guidance all signalling a shift towards more opinionated, auditable security baselines. The bar for “reasonable” controls is rising, and boards will struggle to claim ignorance when frameworks are this explicit.
For DFIR teams, the lesson is clear: incident response is no longer just about containment and restoration, but about demonstrating regulatory alignment, evidencing decisions and managing a complex ecosystem of vendors and data processors that can quietly expand the attack surface far beyond your own perimeter.
Reference Reading
- 2025 Cybersecurity Recap: The Year Systems Broke
- React2Shell (CVE-2025-55182): The CVSS 10.0 RCE Shaking the JavaScript Ecosystem
- December 2025 Android Security Bulletin: Two Zero-Day Flaws Exploited
- Inside Shanya, a Packer-as-a-Service Fueling Modern Attacks
- NIS2 Directive Transposition Tracker
- Most Recent Data Breaches in 2025
Tags
DFIR, Cybersecurity News, Threat Intelligence, Ransomware, Law Enforcement, Cyber Policy, Compliance, NIS2, Data Breach, Mobile Security, Cloud Security
