Sunday, October 26 2025
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 13-10-2025 to 15-10-2025 (UTC)

Snapshot Summary

| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | Patch Tuesday lands for Windows 11; NCSC publishes 2025 review guidance; CISA issues new ICS advisory. | 3 |
| Cyber Investigations | US DOJ targets crypto-linked scam compounds; PowerSchool hacker sentenced; Singapore warns on impersonation scams. | 3 |
| Major Cyber Incidents | Asahi Group ransomware update; Indiana city confirms ransomware; Discord breach dispute escalates. | 3 |
| Exploits & Threat Intelligence | CISA adds 5 KEVs; Oracle E-Business Suite CVEs drive extortion; Rockwell ICS flaws detailed. | 4 |
| Law Enforcement | ICO fines Capita £14m; US indicts chair of Prince Group over crypto fraud compounds. | 2 |
| Policy | NCSC Annual Review 2025 highlights state threats and ACD at scale. | 2 |
| Standards & Compliance | ISO publishes updated PIMS standards (27701:2025, 27706:2025). | 2 |

Digital Forensics & Incident Response

Microsoft releases October 2025 security update for Windows 11 (OS Build 26100.6899) — Microsoft shipped cumulative security fixes for Windows 11 on Patch Tuesday, addressing vulnerabilities across core components (14-10-2025) [AMER]. Rapid patch validation and deployment reduce attacker dwell time and close privilege-escalation paths observed in post-compromise forensics (Source: Microsoft Support, 14-10-2025).

Windows 11 23H2 also receives cumulative security updates (KB5066793) — Additional servicing updates landed for 23H2 systems with security hardening and quality improvements (14-10-2025) [AMER]. DFIR teams should map these to known exploitation chains in enterprise images and confirm EDR exclusions do not block installation (Source: Microsoft Support, 15-10-2025).

CISA issues new ICS advisory for Rockwell Automation 1715 EtherNet/IP Comms Module — The advisory documents vulnerabilities and mitigations affecting Rockwell 1715 modules used in safety instrumented systems (14-10-2025) [AMER]. OT responders should validate compensating controls and coordinate maintenance windows to apply vendor guidance without introducing unsafe states (Source: CISA, 14-10-2025).

Cyber Investigations

US indicts chairman of Prince Group over forced-labour scam compounds tied to crypto fraud — The Justice Department unsealed charges linked to large-scale online fraud and announced the largest-ever forfeiture action against approximately $15B in bitcoin in U.S. custody (14-10-2025) [AMER/APAC]. The case highlights transnational crypto-enabled crime infrastructure and the need for cross-border evidence preservation and blockchain analytics in investigations (Source: U.S. DOJ, 14-10-2025).

PowerSchool hacker sentenced to four years’ imprisonment — A Massachusetts man received a four-year sentence for hacking education provider PowerSchool and attempting multimillion-dollar extortion impacting tens of millions of records (14-10-2025) [AMER]. The sentencing underscores the evidential value of credential-stuffing artefacts, extortion communications, and cryptocurrency tracing in modern prosecutions (Source: Reuters, 14-10-2025).

Singapore Police warn of uptick in government-official impersonation scams — Authorities issued a 14 October advisory after a rise in phone and email scams abusing government branding and demanding payments or credentials (14-10-2025) [APAC]. The alert provides indicators that DFIR and fraud teams can operationalise in call-centre scripts, takedown workflows, and user awareness (Source: Singapore Police Force, 14-10-2025).

Major Cyber Incidents

Asahi Group issues fourth update on ransomware disruption; possible data exfiltration under review — The Japan-based beverages group said the impact is limited to systems managed in Japan and that it is working with external experts on restoration, with notification to follow if transfer of personal data is confirmed (14-10-2025) [APAC]. Multi-update transparency supports incident communications while DFIR teams triage scope, containment, and legal notification thresholds (Source: Asahi Group Holdings, 14-10-2025).

Michigan City, Indiana confirms September cyber incident was ransomware — The city disclosed that systems taken offline on 23 September were impacted by ransomware, after initial “network disruption” messaging (14-10-2025) [AMER]. Municipal environments remain prime targets; playbooks should include offline-backup testing, rapid public status updates, and essential-services continuity (Source: The Record, 14-10-2025).

Discord breach dispute: vendor 5CA denies being hacked after IDs of ~70,000 users exposed — 5CA said it did not handle government ID images and that an external human-error source may be involved while forensics continue (15-10-2025) [EMEA/AMER]. Third-party breach attribution uncertainty reinforces supplier-risk logging, minimum-data handling principles, and contractually mandated forensic transparency (Source: The Verge, 15-10-2025).

Exploits & Threat Intelligence

CISA adds five vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog — The additions mandate federal remediation by 04-11-2025 and signal active exploitation in the wild (14-10-2025) [AMER]. KEV alignment helps defenders prioritise patching and countermeasures where exploitation evidence is confirmed (Source: CISA, 14-10-2025).

Oracle issues emergency alert for CVE-2025-61884 in E-Business Suite (unauthenticated access) — Oracle published guidance and patches for versions 12.2.3–12.2.14 amid active exploitation following the earlier CVE-2025-61882 zero-day (04-10-2025; updated 14-10-2025) [AMER/EMEA/APAC]. Enterprise ERP deployments should be checked for malicious templates and unexpected internet egress, with immediate patching and compromise assessment per vendor instructions (Source: Oracle Security Alerts, 04-10-2025, updated 14-10-2025).

Exploit for Oracle E-Business Suite flaw leaked; Oracle quietly ships out-of-band fix — Researchers report ShinyHunters leaked a PoC for CVE-2025-61884 and Oracle released an additional out-of-band update to mitigate active breaches (14-10-2025) [AMER]. SOCs should hunt for exploitation artefacts and validate patch levels across EBS tiers to pre-empt extortion activity (Source: BleepingComputer, 14-10-2025).

Rockwell Automation 1715 EtherNet/IP Comms Module advisory details crash/availability risks — CISA’s ICSA-25-287-01 outlines conditions that can cause unexpected system crashes and loss of availability, with mitigations provided (14-10-2025) [AMER]. OT defenders should test changes in a controlled environment and monitor for anomalous traffic to safety systems (Source: CISA ICS Advisory, 14-10-2025).

Law Enforcement

ICO fines Capita £14m for 2023 data breach — The UK regulator issued £8m and £6m penalties to Capita plc and Capita Pension Solutions respectively for security failings impacting over six million people (15-10-2025) [EMEA]. The action reinforces regulatory expectations on breach prevention, timely response, and supplier oversight evidenced in penalty notices (Source: ICO, 15-10-2025).

DOJ announces indictment linked to Cambodian scam compounds and crypto fraud — Prosecutors detailed charges against a multinational actor and associated forfeiture actions targeting billions in bitcoin connected to online fraud ecosystems (14-10-2025) [AMER/APAC]. The case illustrates joint operations, financial seizures, and seizure-resistant evidence preservation critical to disrupting cyber-enabled organised crime (Source: U.S. DOJ, 14-10-2025).

Policy

NCSC Annual Review 2025 outlines evolving state threats and intrusion-as-a-service ecosystem — The review highlights continued state-backed targeting and an expanding intrusion sector shaping the UK threat picture (14-10-2025) [EMEA]. Policy teams should align risk scenarios and sector guidance to this synthesis to inform prioritisation and resilience planning (Source: NCSC, 14-10-2025).

Active Cyber Defence at scale expands UK protective services footprint — NCSC reported growth of Protective DNS and related services to raise national baseline security for public bodies and sectors (14-10-2025) [EMEA]. Adoption patterns and telemetry from ACD help CISOs benchmark defensive coverage and inform managed-service procurement (Source: NCSC, 14-10-2025).

Standards & Compliance

ISO/IEC 27701:2025 (PIMS requirements and guidance) published — ISO released the 2025 edition of its Privacy Information Management System standard specifying requirements and implementation guidance (14-10-2025) [Global]. Organisations processing PII should map controls to 27001/27701 for audit readiness and regulator alignment (Source: ISO, 14-10-2025).

ISO/IEC 27706:2025 (PIMS certification bodies requirements) released — A new standard sets competence and consistency requirements for bodies auditing/certifying PIMS implementations (14-10-2025) [Global]. This helps harmonise certification schemes and gives compliance teams clearer expectations for third-party audits (Source: ISO, 14-10-2025).

Editorial Perspective

Patch Tuesday and KEV updates again dominated defender priorities, but the standout risk is enterprise ERP: Oracle E-Business Suite exploitation shows how a single unauthenticated flaw can pivot into mass extortion at scale. Programme managers should treat ERP, identity, and data egress controls as one stack, with validated patch timetables and continuous hunting for templated payloads.

Law-enforcement results—from the ICO’s Capita fine to U.S. actions against crypto-backed scam compounds—underscore that regulatory accountability now tracks supplier chains and proceeds of cyber-enabled crime. Expect accelerated requirements around supplier attestations, incident transparency, and certification against 27001/27701 families.

Operationally, municipal and manufacturing OT incidents this week reiterate the basics: resilient backups, segmented safety systems, and pre-approved maintenance windows to apply vendor mitigations quickly without jeopardising uptime.

Tags

DFIR, Cybersecurity News, Threat Intelligence, Ransomware, Law Enforcement, Compliance, EU CRA
