
## Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | EC mobile platform cleaned; Containment playbook signals | 2 |
| Cyber Investigations | Telegram task-scam arrests; Mule-account tracing accelerates | 2 |
| Major Cyber Incidents | Singapore telco intrusion; Olympic disruption attempts | 2 |
| Exploits & Threat Intelligence | SolarWinds WHD exploitation; Edge-device remediation deadline | 2 |
| Law Enforcement | Cyber-sanctions probes; Cross-border fraud arrests | 2 |
| Policy | UK NIS Bill updated; EU incident-reporting clarity | 2 |
| Standards & Compliance | IASME Cyber Essentials question set; Cyber Essentials 2026 shift | 2 |
| Consumer App Data Leaks | Substack user-data exposure; Coupang breach expands | 2 |
## Digital Forensics & Incident Response
[EMEA] The European Commission disclosed suspicious activity against its mobile device management platform and stated the incident was contained and the system cleaned within hours, with no compromise of managed devices reported. The rapid isolation and remediation timeline is a useful DFIR benchmark for MDM estates, highlighting the need for high-fidelity telemetry, privileged-access review, and rehearsed containment steps for endpoint-management infrastructure. (Source: European Commission Press Corner, 09-02-2026)
[EMEA] Reporting on the same incident indicates CERT-EU detected indicators on infrastructure supporting staff mobile devices, triggering an investigation into potential exposure paths via management systems. For responders, this reinforces that MDM/EMM platforms are high-value choke points, and incident scoping should include configuration baselines, enrolment tokens, API access, and downstream identity artifacts that can persist beyond initial cleanup. (Source: The Register, 09-02-2026)
## Cyber Investigations
[APAC] Ambala cybercrime police arrested a suspect linked to an online “task” scam operated via Telegram, with investigators tracing transfers into accounts associated with the accused and pursuing additional participants. The case illustrates how modern fraud investigations increasingly hinge on rapid financial tracing, device seizures, and messaging-platform artifacts to attribute roles across a distributed scam supply chain and recover victim funds. (Source: Times of India, 07-02-2026)
[APAC] Nagpur Cyber Police arrested two suspects in an online investment fraud probe, alleging the use of mule bank accounts opened with stolen documents to route proceeds and dissipate funds. For cyber investigations teams, the emphasis on account origination evidence, KYC abuse, and bank-led refund mechanisms signals where evidential packages and cross-jurisdiction requests can shorten time-to-disruption. (Source: Times of India, 08-02-2026)
## Major Cyber Incidents
[APAC] A Singapore telecommunications provider said it is investigating an alleged state-linked cyberattack after unusual activity was identified, with authorities and the firm assessing impact and containment steps. Telcos sit on identity, location, and signalling data, so even limited footholds can cascade into intelligence collection or downstream compromise, making third-party access controls, network segmentation, and transparent incident communications operationally critical. (Source: GovTech, 09-02-2026)
[AMER] Reporting on the 2026 Winter Olympics describes cyberattacks including DDoS and disruption attempts aimed at event services and operational continuity, with organisers working to mitigate availability impacts. High-profile events concentrate fragile dependencies, such as ticketing, broadcast uplinks, and venue IT/OT, so this incident underscores the value of surge-capacity DDoS protections, rehearsed failover, and vendor-integrated incident response across the delivery chain. (Source: The Verge, 06-02-2026)
## Exploits & Threat Intelligence
[AMER] Microsoft said it is observing exploitation of SolarWinds Web Help Desk vulnerabilities that can enable remote code execution and, in some cases, domain compromise, with attacker tradecraft including PowerShell and tunnelling behaviours. This matters because IT service-management tooling is often Internet-exposed and over-privileged, so defenders should prioritise patching, restrict external access, and hunt for post-exploitation patterns consistent with credential access and lateral movement. (Source: Microsoft Security Blog, 06-02-2026)
[AMER] Reporting notes a CISA-driven directive for U.S. federal agencies to remediate vulnerable end-of-support edge devices within a defined deadline window, reflecting persistent exploitation of legacy perimeter gear. The significance is practical prioritisation: unmanaged edge devices frequently become the initial-access foothold, so asset discovery, firmware lifecycle governance, and enforced decommissioning timelines reduce exposure more reliably than incremental hardening of unsupported platforms. (Source: Industrial Cyber, 09-02-2026)
## Law Enforcement
[EMEA] Reporting says the UK is investigating suspected breaches of its cyber sanctions asset-freeze regime, following disclosures indicating multiple ongoing inquiries. Enforcement action in this space matters because sanctions compliance has become an operational security control, requiring firms to integrate threat-intel attribution, wallet screening, and incident reporting into legal and financial workflows to avoid penalties and reduce ransomware-payment risk. (Source: The Record, 04-02-2026)
[APAC] Times of India reports cybercrime raids resulting in multiple arrests tied to syndicates operating across India, with investigators focusing on mule accounts and digital platforms used to scale fraud. The operational takeaway for law enforcement and financial institutions is that fast interdiction depends on bank collaboration, rapid freezing orders, and repeatable evidence collection for device, account, and communication artifacts that tie operators to monetisation. (Source: Times of India, 08-02-2026)
## Policy
[EMEA] The UK Parliament’s Cyber Security and Resilience (Network and Information Systems) Bill page reflects an updated status as of early February, supporting a broader reform agenda for critical services and digital infrastructure oversight. This matters because expanded coverage and stronger regulator powers increase the compliance burden, pushing organisations to formalise incident reporting, supply-chain assurance, and board-level risk governance before enforcement expectations harden. (Source: UK Parliament, 06-02-2026)
[EMEA] A practical NIS2 reporting FAQ outlines how organisations should assess incident severity and determine when statutory notifications are required, reflecting increased demand for clarity since NIS2 obligations took effect. The implication is that incident response must integrate legal thresholds and evidence capture early, ensuring timestamps, scope statements, and containment actions are defensible under regulator scrutiny without slowing technical remediation. (Source: Taylor Wessing, 06-02-2026)
## Standards & Compliance
[EMEA] IASME continues to provide the Cyber Essentials question set and scheme materials used by UK organisations to evidence baseline controls across devices, networks, and cloud-scoped services. This matters because CE evidence is frequently required in procurement and supply chains, so maintaining continuous compliance, rather than point-in-time audit readiness, improves resilience and reduces the “scramble to certify” dynamic ahead of annual scheme updates. (Source: IASME, 09-02-2026)
[EMEA] An industry briefing notes an April 2026 effective date for an updated Cyber Essentials requirements set, with a new question set expected to be published in early February. For compliance leads, this is a reminder to pre-map forthcoming deltas (especially cloud and MFA scope impacts) into control evidence and remediation backlogs, avoiding audit failures and procurement delays. (Source: Digital XRAID, 07-02-2026)
## Consumer App Data Leaks
[AMER] Substack disclosed a breach involving internal user data, including email addresses, phone numbers, and related metadata, while stating passwords and payment details were not impacted. The security impact is primarily secondary compromise risk, as exposed identifiers fuel targeted phishing and account-takeover attempts across other services, so users and organisations should tighten MFA, monitor for SIM-swap indicators, and tune anti-phishing controls. (Source: The Verge, 05-02-2026)
[APAC] Reuters reports Coupang confirmed another tranche of personal data affecting additional users, extending the impact of a previously disclosed large-scale breach, with names and contact/address details among the exposed fields. The incident matters because scale amplifies social-engineering risk and regulatory scrutiny, and it reinforces that breach notification quality, evidence preservation, and measurable security improvements are now core expectations for consumer platforms. (Source: Reuters, 05-02-2026)
## Editorial Perspective
The most operationally revealing theme in this cycle is the renewed focus on “control planes”, such as MDM and help-desk tooling, where compromise can scale quickly across endpoints and identities.
At the same time, regulators and legislators are tightening expectations around incident reporting and baseline assurance, meaning response teams need to treat legal thresholds, evidence capture, and stakeholder communications as first-class IR workstreams, rather than after-action tasks.
Finally, consumer-platform breaches continue to demonstrate that “non-financial” datasets still drive real harm, because exposed identifiers reliably translate into phishing, SIM-swap, and fraud, pushing organisations toward stronger identity protections and measurable resilience outcomes.
## Reference Reading
- European Commission: Commission responds to cyber-attack on its central mobile device management platform
- Microsoft Security Blog: Active exploitation of SolarWinds Web Help Desk
- Industrial Cyber: CISA remediation deadline for vulnerable edge devices
- UK Parliament: Cyber Security and Resilience (Network and Information Systems) Bill
- GovTech: Singapore telco investigates alleged state-linked cyberattack
- The Verge: Substack data breach exposed user emails and phone numbers
## Tags
DFIR, Cybersecurity News, Incident Response, Threat Intelligence, Vulnerability Exploitation, Ransomware, Law Enforcement, Cyber Policy, NIS2, Cyber Essentials, Data Breach, Telecom Security
