
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | React2Shell triage playbooks; OT vuln response actions | 2 |
| Cyber Investigations | Snapchat phishing prosecution; China-linked email intrusion probe | 2 |
| Major Cyber Incidents | Australian insurer breach fallout; Caribbean data-for-sale claims | 2 |
| Exploits & Threat Intelligence | CISA KEV expansion; Fake blue-screen hotel lures | 2 |
| Law Enforcement | Cambodia scam boss extradition; France cyberhacking detainee released | 2 |
| Policy | UK cyber reset funding; US incident reporting readiness | 2 |
| Standards & Compliance | CISA sunsets emergency directives; NCSC incident-response governance | 2 |
| Consumer App Data Leaks | Chrome extensions spill AI chats; Health portal breach notifications | 2 |
Digital Forensics & Incident Response
React2Shell now being used in real-world attacks — Researchers and responders reported active exploitation attempts against apps using the React build chain, with incident teams tracking payload delivery and advising rapid patching/mitigations (08-01-2026) [AMER]. For DFIR, this is a high-signal case where build tooling becomes the intrusion path, so evidence collection must include CI/CD logs, dependency provenance, and web server telemetry—not just endpoint artifacts (Source: CyberScoop, 08-01-2026).
CISA publishes OT advisory affecting Hitachi Energy Asset Suite — CISA issued an ICS advisory detailing vulnerabilities and recommended compensating controls for environments running Hitachi Energy’s Asset Suite, highlighting exposure paths and remediation guidance for industrial operators (08-01-2026) [AMER]. IR teams supporting OT must validate segmentation, capture historian/engineering workstation logs early, and coordinate patch windows carefully because exploitation can produce safety and availability impacts beyond typical IT recovery patterns (Source: CISA, 08-01-2026).
Cyber Investigations
US prosecutors charge man in Snapchat hacking investigation — US authorities charged an Illinois man with phishing access codes from nearly 600 women to compromise Snapchat accounts and traffic intimate images, with filings describing coordinated targeting and monetisation tactics (07-01-2026) [AMER]. For investigators and defenders, the case underscores how low-friction social engineering plus credential reuse can scale quickly, making robust account-recovery telemetry, platform-to-law-enforcement liaison workflows, and rapid victim notification essential (Source: U.S. Department of Justice, 07-01-2026).
Sources say China-based hackers breached US House committee staff emails — Reuters reported that a China-linked intrusion accessed email accounts used by staffers tied to a US House committee, prompting a response effort focused on containment and attribution (08-01-2026) [AMER]. The operational takeaway is that modern investigations hinge on identity and mail-layer logs (OAuth grants, token issuance, mailbox rule changes), and responders should treat cloud audit trails as primary evidence alongside endpoint imaging (Source: Reuters, 08-01-2026).
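The mail-layer evidence called out above can be hunted directly in cloud audit exports. The following is an added example, not code from the Reuters report or any vendor: it runs over constructed records shaped like Microsoft 365 Unified Audit Log events (the Operation, Parameters and ExtendedProperties field names follow the common Exchange and Entra audit schema, but the records, the trusted IP range and the scope list are assumptions for this example) and flags inbox rules that delete or forward mail, OAuth consents with mail-reading scopes, and whether each action came from outside trusted egress ranges.

```python
"""Hunt for mailbox-rule and OAuth-consent persistence in cloud audit records.

Added example (not from the source report). The constructed records below
imitate Microsoft 365 Unified Audit Log events; field names are assumptions
based on the common Exchange/Entra audit schema.
"""
from ipaddress import ip_address, ip_network

# Constructed sample records (not real data). Each dict is one audit event.
SAMPLE_RECORDS = [
    {"CreationTime": "2026-01-07T02:14:09", "Operation": "New-InboxRule",
     "UserId": "staffer@example.gov", "ClientIP": "203.0.113.45",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "SubjectContainsWords", "Value": "security;password;mfa"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2026-01-07T02:15:30", "Operation": "Set-InboxRule",
     "UserId": "staffer@example.gov", "ClientIP": "203.0.113.45",
     "Parameters": [{"Name": "ForwardTo", "Value": "collector@example.net"}]},
    {"CreationTime": "2026-01-07T02:20:00", "Operation": "Consent to application.",
     "UserId": "staffer@example.gov", "ClientIP": "203.0.113.45",
     "ExtendedProperties": [{"Name": "ConsentAction.Permissions",
                             "Value": "Mail.Read Mail.ReadWrite offline_access"}]},
    {"CreationTime": "2026-01-07T09:00:00", "Operation": "UserLoggedIn",
     "UserId": "staffer@example.gov", "ClientIP": "10.20.30.40"},
    {"CreationTime": "2026-01-07T09:05:00", "Operation": "New-InboxRule",
     "UserId": "clerk@example.gov", "ClientIP": "10.20.30.41",
     "Parameters": [{"Name": "Name", "Value": "Newsletter filing"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
]

TRUSTED_NETS = [ip_network("10.0.0.0/8")]  # assumption: corporate egress ranges
# Delegated Graph scopes that let an app read or send the victim's mail.
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                    "offline_access", "Files.ReadWrite.All"}
FORWARD_KEYS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")


def params(rec):
    """Flatten the Exchange Parameters list into a name -> value dict."""
    return {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}


def from_trusted_network(ip):
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def classify(rec):
    """Return the list of findings for one audit record (empty if benign)."""
    findings = []
    op = rec.get("Operation", "")
    if op in ("New-InboxRule", "Set-InboxRule"):
        p = params(rec)
        if p.get("DeleteMessage", "").lower() == "true":
            findings.append("inbox rule deletes mail")
        if any(k in p for k in FORWARD_KEYS):
            findings.append("inbox rule forwards or redirects mail")
        name = p.get("Name")
        if name is not None and len(name.strip()) <= 1:
            findings.append("inbox rule has near-empty name")
    elif op == "Consent to application.":
        scopes = set()
        for prop in rec.get("ExtendedProperties", []):
            if prop["Name"] == "ConsentAction.Permissions":
                scopes |= set(prop["Value"].split())
        risky = scopes & HIGH_RISK_SCOPES
        if risky:
            findings.append("OAuth consent with high-risk scopes: " + ", ".join(sorted(risky)))
    # Only enrich real findings; a benign rule from a hotel Wi-Fi is not an alert.
    if findings and not from_trusted_network(rec.get("ClientIP", "")):
        findings.append("source IP outside trusted ranges")
    return findings


def hunt(records):
    """Group findings per user so the responder sees the chain, not isolated alerts."""
    timeline = {}
    for rec in records:
        f = classify(rec)
        if f:
            timeline.setdefault(rec["UserId"], []).append(
                (rec["CreationTime"], rec["Operation"], f))
    return timeline


if __name__ == "__main__":
    for user, events in hunt(SAMPLE_RECORDS).items():
        print(user)
        for when, op, f in events:
            print(f"  {when} {op}: {'; '.join(f)}")
```

Run as-is it reports only the staffer account, with the rule-then-consent sequence in order; the clerk's folder-filing rule produces nothing. Token issuance events (sign-ins, refresh-token use) would be joined in the same way by UserId and ClientIP, which is why the grouping is by user rather than by operation.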
Major Cyber Incidents
Australian insurer Prosura confirms cyber breach — Prosura confirmed a cyber breach affecting systems linked to its operations while stating it had not verified claims that customer data was stolen, as reporting noted threat-actor assertions and the firm’s response posture (07-01-2026) [APAC]. The material governance issue is third-party and identity exposure: insurers concentrate sensitive datasets, so incident scoping should prioritise access pathways, privileged account review, and downstream notification readiness even where exfiltration is disputed (Source: ABC News, 07-01-2026).
Hacker claims sale of data from Caribbean travel portal Pickett & Associates — A threat actor advertised data purportedly taken from Pickett & Associates (a Caribbean travel portal), with reporting describing alleged dataset scope and the exposure risk for travellers and partner organisations (08-01-2026) [AMER]. For organisations relying on travel and booking suppliers, this reinforces the need for breach-ready vendor management, including contractual log retention, incident SLAs, and rapid credential rotation for SSO/API integrations tied to customer identity data (Source: ITPro, 08-01-2026).
Exploits & Threat Intelligence
CISA adds two vulnerabilities to the Known Exploited Vulnerabilities Catalog — CISA added two vulnerabilities to its KEV catalog on the basis of evidence of active exploitation and reiterated its remediation expectations for affected organisations (07-01-2026) [AMER]. For threat teams, KEV updates are a high-confidence prioritisation input: they should directly drive emergency patch queues, exposure hunting (internet-facing and internal), and validation that compensating controls are actually blocking exploit paths (Source: CISA, 07-01-2026).
Europe’s hospitality sector targeted by fake “blue screen” lures — Reporting described a campaign targeting hospitality organisations across Europe using deceptive “blue screen” tactics to social-engineer staff and deliver malicious payloads or credential theft workflows (07-01-2026) [EMEA]. This matters because front-desk and operations staff often sit outside mature security training loops, so defenders should harden email/web filtering, enforce phishing-resistant MFA, and monitor for anomalous remote tool installs common in hospitality intrusions (Source: Computing, 07-01-2026).
Law Enforcement
Cambodia arrests and extradites alleged scam-empire mastermind to China — Cambodian authorities arrested and extradited Chen Zhi, described as a key figure linked to large-scale online scam compounds, in what reporting framed as a major enforcement action against regional cyber-enabled fraud ecosystems (07-01-2026) [APAC]. The broader impact is that disruption pressure may shift scam infrastructure and money flows rapidly, so banks, crypto compliance teams, and investigators should watch for retaliatory pivots in laundering channels and victim targeting patterns (Source: The Record, 07-01-2026).
France releases Russian man wanted by the US for cyberhacking, lawyer says — Reuters reported that French authorities released a Russian national sought by the United States in connection with cyberhacking allegations, and he returned to Russia after the release (08-01-2026) [EMEA]. For law enforcement and corporate risk teams, the case illustrates how cross-border cyber prosecutions can hinge on jurisdictional and diplomatic dynamics, affecting deterrence and the practical likelihood of extradition-based accountability (Source: Reuters, 08-01-2026).
Policy
UK launches Government Cyber Action Plan backed by £210m — The UK government announced a refreshed Cyber Action Plan and new central unit approach intended to strengthen cyber resilience across public services, explicitly shifting from guidance toward clearer accountability and mandatory measures (06-01-2026) [EMEA]. For practitioners, this signals tightening governance expectations for public-sector supply chains and incident readiness, with likely downstream pressure on vendors to evidence controls, reporting discipline, and continuity planning (Source: GOV.UK, 06-01-2026).
CIRCIA readiness: incident reporting obligations come into sharper focus — Analysis highlighted how the US Cyber Incident Reporting for Critical Infrastructure Act is driving organisations to formalise reportability decisions, data collection, and escalation paths ahead of enforceable timelines (07-01-2026) [AMER]. The practical implication is that policy becomes an operational control: teams must align legal, SOC, and IR workflows so reporting triggers, retention, and evidentiary integrity are built into playbooks rather than improvised mid-incident (Source: The Cybersecurity Law Report, 07-01-2026).
Standards & Compliance
CISA sunsets 10 emergency directives as KEV operationalises exploited-vuln response — Reporting said CISA retired ten historic emergency directives as exploited-vulnerability management has matured around the KEV catalog and broader federal patch governance practices (08-01-2026) [AMER]. Compliance teams should treat this as confirmation that “known exploited” is now a de facto audit and risk benchmark, requiring provable patch SLAs, exception handling, and continuous exposure measurement (Source: The Record, 08-01-2026).
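Both the KEV update item above and this one come down to the same operational question: which exposed assets are past their deadline? The following is an added example, not CISA tooling or code from either report. It consumes records in the shape of CISA's public KEV JSON feed (the cveID, vendorProject, product, dateAdded, dueDate and knownRansomwareCampaignUse keys are the feed's real field names; the entries, CVE identifiers and asset inventory here are constructed placeholders) and ranks a worklist by the earlier of the KEV due date and an assumed internal SLA.

```python
"""Turn a KEV feed update into a patch-SLA worklist.

Added example, not CISA's own tooling. Record shape follows the public feed at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json;
the entries, CVE IDs, inventory and SLA figures below are constructed placeholders.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed KEV-style records (placeholder CVE IDs, not real catalog entries).
KEV_SAMPLE = {"vulnerabilities": [
    {"cveID": "CVE-2099-0001", "vendorProject": "ExampleVendor", "product": "EdgeGateway",
     "dateAdded": "2026-01-07", "dueDate": "2026-01-28", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2099-0002", "vendorProject": "ExampleVendor", "product": "AssetSuite",
     "dateAdded": "2025-12-01", "dueDate": "2025-12-22", "knownRansomwareCampaignUse": "Unknown"},
]}

# Constructed inventory: which KEV CVEs each asset is still vulnerable to.
INVENTORY = [
    {"host": "vpn-01", "internet_facing": True, "open_cves": ["CVE-2099-0001"]},
    {"host": "eng-ws-07", "internet_facing": False, "open_cves": ["CVE-2099-0002"]},
    {"host": "db-03", "internet_facing": False, "open_cves": []},
]

# Assumption: internal policy is stricter than the KEV due date, keyed by exposure.
INTERNAL_SLA_DAYS = {True: 7, False: 14}


@dataclass
class WorkItem:
    host: str
    cve: str
    product: str
    kev_due: date
    internal_due: date
    ransomware: bool
    days_overdue: int  # against the earlier of the two deadlines; negative = time left

    @property
    def priority(self):
        score = 0
        if self.days_overdue > 0:
            score += 100 + self.days_overdue  # overdue always outranks on-track
        if self.ransomware:
            score += 50
        return score


def build_worklist(kev, inventory, today):
    """Join inventory against KEV and sort by priority (highest first)."""
    by_cve = {v["cveID"]: v for v in kev["vulnerabilities"]}
    items = []
    for asset in inventory:
        for cve in asset["open_cves"]:
            v = by_cve.get(cve)
            if v is None:
                continue  # not on KEV: left to the normal patch cycle
            added = date.fromisoformat(v["dateAdded"])
            kev_due = date.fromisoformat(v["dueDate"])
            internal_due = added + timedelta(days=INTERNAL_SLA_DAYS[asset["internet_facing"]])
            deadline = min(kev_due, internal_due)
            items.append(WorkItem(asset["host"], cve, v["product"], kev_due, internal_due,
                                  v.get("knownRansomwareCampaignUse") == "Known",
                                  (today - deadline).days))
    return sorted(items, key=lambda w: w.priority, reverse=True)


def compliance_summary(worklist):
    """The numbers an auditor asks for: how many KEV exposures are overdue."""
    overdue = sum(1 for w in worklist if w.days_overdue > 0)
    return {"open": len(worklist), "overdue": overdue, "on_track": len(worklist) - overdue}


if __name__ == "__main__":
    wl = build_worklist(KEV_SAMPLE, INVENTORY, date(2026, 1, 8))
    for w in wl:
        state = f"{w.days_overdue}d overdue" if w.days_overdue > 0 else f"{-w.days_overdue}d left"
        print(f"{w.host:10} {w.cve} {w.product:12} {state:12} ransomware={w.ransomware}")
    print(compliance_summary(wl))
```

Against a date of 08-01-2026 the engineering workstation lands first despite not being internet-facing, because it is 24 days past its deadline, while the edge gateway, on the catalog for one day, ranks on ransomware linkage alone. Evidence for a patch SLA audit is the compliance summary over time, not the catalog itself.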
NCSC outlines governance and incident-response expectations under the UK Cyber Action Plan — The UK NCSC detailed how the Government Cyber Action Plan aims to formalise responsibilities, reporting, and coordinated response across departments as resilience requirements become more structured (08-01-2026) [EMEA]. For regulated and public-sector-adjacent organisations, this raises the bar on evidenceable cyber governance—especially incident management controls, escalation clarity, and board-level accountability for remediation debt (Source: NCSC, 08-01-2026).
Consumer App Data Leaks
Malicious Chrome extensions exposed users’ AI chat data — Analysis reported that a cluster of Chrome extensions collected and leaked sensitive user content, including AI chat interactions, by exfiltrating data to attacker-controlled infrastructure (08-01-2026) [AMER]. This is materially important because consumer browser ecosystems are now a primary data boundary for work and personal life, so organisations should reinforce managed browser policies, extension allow-listing, and user guidance on AI data handling (Source: eSecurityPlanet, 08-01-2026).
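Extension allow-listing only works if someone reads the manifest before approving it. The following is an added example, not code from the eSecurityPlanet analysis or from any extension: it triages Manifest V3 manifest.json content (permissions, host_permissions and content_scripts[].matches are real manifest keys; the three sample manifests, the permission weights, the AI chat host list and the allow/review/deny thresholds are assumptions for this example) and explains why an extension with page access on every site plus cookie access is not allow-list material.

```python
"""Triage a browser extension manifest before allow-listing it.

Added example, not from the source analysis. The manifest keys are real
Manifest V3 fields; the sample manifests, weights and thresholds are constructed.
"""
import json

# Weight per API permission: how much of the page/session it can read or alter.
SENSITIVE_APIS = {
    "cookies": 3, "webRequest": 3, "declarativeNetRequest": 2, "scripting": 2,
    "tabs": 2, "clipboardRead": 2, "history": 2,
    "storage": 0, "activeTab": 0, "alarms": 0,
}
BROAD_HOST_PATTERNS = ("<all_urls>", "*://*/*", "http://*/*", "https://*/*")
# Assumption: hosts where prompt and chat content is rendered in the page.
AI_CHAT_HOSTS = ("chatgpt.com", "chat.openai.com", "claude.ai", "gemini.google.com")

# Constructed sample manifests (not real extensions).
CHAT_EXPORTER = json.dumps({
    "manifest_version": 3, "name": "Chat Exporter",
    "permissions": ["storage", "cookies"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["https://chatgpt.com/*"], "js": ["cs.js"]}],
})
NOTE_TAKER = json.dumps({
    "manifest_version": 3, "name": "Note Taker",
    "permissions": ["storage", "alarms"],
    "content_scripts": [{"matches": ["https://notes.example.com/*"], "js": ["cs.js"]}],
})
TAB_TIDY = json.dumps({
    "manifest_version": 3, "name": "Tab Tidy", "permissions": ["tabs"],
})


def host_patterns(manifest):
    """Every match pattern that gives the extension access to page content."""
    pats = list(manifest.get("host_permissions", []))
    for cs in manifest.get("content_scripts", []):
        pats.extend(cs.get("matches", []))
    return pats


def triage(manifest_json):
    """Return (decision, score, reasons) for one manifest.json document."""
    manifest = json.loads(manifest_json)
    score, reasons = 0, []
    for perm in manifest.get("permissions", []):
        weight = SENSITIVE_APIS.get(perm)
        if weight is None:
            score += 1  # unknown to the table: cheap to flag, must be read by a human
            reasons.append(f"unlisted permission {perm!r}, review manually")
        elif weight:
            score += weight
            reasons.append(f"API permission {perm} (+{weight})")
    pats = host_patterns(manifest)
    if any(p in BROAD_HOST_PATTERNS for p in pats):
        score += 4
        reasons.append("page access on every site (+4)")
    ai_hits = [p for p in pats if any(h in p for h in AI_CHAT_HOSTS)]
    if ai_hits:
        score += 3
        reasons.append(f"content scripts on AI chat hosts {ai_hits} (+3)")
    decision = "deny" if score >= 5 else "review" if score >= 2 else "allow"
    return decision, score, reasons


if __name__ == "__main__":
    for name, doc in (("Chat Exporter", CHAT_EXPORTER), ("Note Taker", NOTE_TAKER),
                      ("Tab Tidy", TAB_TIDY)):
        decision, score, reasons = triage(doc)
        print(f"{name}: {decision} (score {score})")
        for r in reasons:
            print("   ", r)
```

The Chat Exporter scores 10 and is denied: cookie access plus a script on every site is exactly the capability set needed to lift chat content and session tokens, whatever the listing says. The decision feeds the enforcement point, which for Chrome is the managed ExtensionInstallBlocklist (set to block everything) with ExtensionInstallAllowlist carrying only the reviewed IDs.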
Manage My Health breach: New Zealand patients continue to be contacted — New Zealand reporting said roughly half of affected patients had been contacted following the Manage My Health breach, with ongoing notification steps and consumer guidance continuing as impacts are assessed (08-01-2026) [APAC]. For the wider sector, this underlines that consumer trust hinges on notification speed and clarity, and that digital health platforms must plan for sustained comms, identity protection support, and fraud-monitoring as secondary harms emerge (Source: 1News, 08-01-2026).
Editorial Perspective
Across this 48-hour window, the strongest operational signal is that identity and “tooling-layer” risk continues to outpace traditional perimeter assumptions, from mail compromise investigations to software supply chain exploitation.
For responders, this shifts DFIR priorities toward cloud audit evidence, CI/CD and dependency provenance, and rapid validation that mitigations are effective—not merely deployed.
Policy and compliance developments reinforce the same direction of travel: exploited-vulnerability governance is becoming auditable practice, and public-sector cyber resets will increasingly translate into vendor accountability and measurable resilience outcomes.
Reference Reading
- CISA Known Exploited Vulnerabilities (KEV) Catalog
- CISA KEV update alert (07-01-2026)
- NCSC blog: Government Cyber Action Plan (08-01-2026)
- GOV.UK: New Cyber Action Plan announcement (06-01-2026)
- CyberScoop: React2Shell exploitation and response notes
- DOJ: Snapchat hacking investigation charging document
Tags
DFIR, Cybersecurity News, Threat Intelligence, Vulnerability Management, Incident Response, Supply Chain Security, Ransomware, Law Enforcement, Cyber Policy, Compliance, Identity Security, OT Security
