ransomware groups nova and qilin expanded their confirmed victim lists this cycle to include new south wales rural fire service, a maritime logistics firm, and a legal services provider. simultaneously cisa issued urgent patching directives for a check point vpn zero-day actively exploited by qilin affiliates, and three critical fortinet sandbox vulnerabilities rated 9.1 cvss are under active exploitation despite patches deployed months ago. the pattern — public safety infrastructure plus critical network security tooling — is structurally notable because the attack surface spans both physical-world emergency services and the security layer organizations use to defend themselves.