The Cyber Express Weekly Roundup: Cloud Extortion, Long-Term Espionage, Android Zero-Days, and Public Sector Security Reviews

This weekly cybersecurity roundup highlights a shift toward identity‑driven attacks and abuse of trusted cloud platforms, detailing a vishing extortion campaign ('Pink') targeting Microsoft 365, an 18‑month intrusion by China‑linked VerdantBamboo leveraging MSP compromises and multiple malware families, and an actively exploited Android zero‑day (CVE‑2025‑48595); it also reports a security audit of CBSE's OSM platform and promotes data‑minimization under India's DPDP as a defensive measure.