A landmark week for cybersecurity enforcement: INTERPOL conducts its largest coordinated takedown of 45,000 malicious IPs across 72 countries. The European Commission and EDPB publish joint guidelines on DMA-GDPR interplay. Poland's nuclear research centre suffers a cyberattack. Chrome patches two actively exploited zero-days. Supply chain attacks hit AppsFlyer SDK. Iran-linked groups target critical infrastructure worldwide.
INTERPOL announced its most sweeping cybercrime operation to date, seizing 45,000 malicious IP addresses and servers used in phishing, malware, and ransomware campaigns across 72 countries and territories.
94 individuals arrested, 110 more under investigation. 212 electronic devices and servers seized during coordinated raids. Bangladesh alone arrested 40 suspects and seized 134 devices related to loan scams, identity theft, and credit card fraud. In Togo, 10 suspects operating a fraud ring from a residential area were apprehended.
This operation demonstrates the growing operational capacity of international law enforcement in the cyber domain — a key pillar of the NIS2 Directive's emphasis on cross-border cooperation and information sharing. For compliance teams, the takedown reinforces several regulatory expectations:
In a parallel operation, authorities dismantled SocksEscort, a criminal proxy service that enslaved 369,000 residential routers across 163 countries into a botnet since 2020. The service marketed "static residential IPs with unlimited bandwidth" to bypass spam blocklists, with nearly 8,000 infected routers active as of February 2026.
Compliance implication: Organizations using residential proxy services for web scraping, ad verification, or market research must ensure their providers are not operating on compromised infrastructure — a supply chain due diligence obligation under both NIS2 and DORA.
The European Commission and the European Data Protection Board (EDPB) have published individual contributions from the public consultation on draft joint guidelines addressing the interplay between the Digital Markets Act (DMA) and the General Data Protection Regulation (GDPR).
The DMA requires gatekeepers (Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft) to enable data portability and interoperability. But GDPR restricts how personal data can be shared and processed. These guidelines clarify where the two regulations intersect, overlap, and potentially conflict.
Simultaneously, the six designated gatekeepers have submitted updated compliance reports on changes implemented during the past year. The Commission is reviewing these reports for enforcement action where obligations are not met.
Action required: Organizations interacting with gatekeeper platforms — as business users, advertisers, or app developers — should review the draft guidelines to understand how DMA data access rights interact with their GDPR obligations.
Poland's National Centre for Nuclear Research (NCBJ) confirmed that hackers targeted its IT infrastructure. The attack was detected and blocked before causing operational impact, but the incident highlights escalating threats against critical infrastructure in the EU.
Nuclear research facilities fall under NIS2's essential entity classification. The attack on NCBJ — regardless of its outcome — triggers mandatory incident reporting obligations under NIS2 Article 23: initial notification within 24 hours, full incident report within 72 hours, and a final report within one month.
In parallel developments, security researchers report that Iran-linked hacking groups are expanding their targeting from Middle Eastern infrastructure to US defense contractors, power stations, and water plants. The Iran-linked attack on medical device manufacturer Stryker disrupted manufacturing and shipping operations, with attackers using existing endpoint management software rather than traditional malware to wipe devices.
| Framework | Relevance |
|---|---|
| NIS2 | Nuclear, energy, and healthcare entities are essential entities requiring enhanced cybersecurity measures and incident reporting |
| DORA | Financial entities relying on ICT services from targeted sectors face third-party risk exposure requiring reassessment |
| EU AI Act | AI systems used in critical infrastructure management are classified as high-risk, requiring conformity assessments |
| GDPR | Attacks on healthcare and research facilities may compromise personal data, triggering breach notification under Article 33 |
Google released Chrome 146 patching two zero-day vulnerabilities being actively exploited in the wild. The flaws allow attackers to manipulate data and bypass security restrictions, potentially leading to code execution. Google paid out $17 million in bug bounty rewards during 2025 — including $3.7 million for Chrome vulnerabilities alone.
The AppsFlyer Web SDK was temporarily hijacked with malicious JavaScript code designed to steal cryptocurrency. The supply chain compromise affected websites using the popular mobile attribution and marketing analytics platform.
NIS2 supply chain requirements: Both incidents underscore why NIS2 Article 21(2)(d) mandates supply chain security assessments. Organizations must evaluate the security posture of their software dependencies — from browser infrastructure to third-party SDKs.
DORA ICT third-party risk: Financial entities using AppsFlyer for marketing analytics must assess whether the SDK compromise constitutes a reportable ICT incident under DORA's classification framework.
Microsoft released an out-of-band hotpatch update to fix a Remote Code Execution (RCE) vulnerability in Windows 11 Enterprise's Routing and Remote Access Service (RRAS). Separately, a Samsung-specific issue is preventing Windows 11 users from accessing their C: drive after February 2026 security updates.
DG CONNECT and DG ENEST hosted representatives from EU enlargement countries in a TAIEX workshop on the Digital Services Act (DSA), supporting the accession process in platform regulation. This signals the EU's intent to extend its digital regulatory framework beyond current member states.
For organizations operating in candidate countries (Western Balkans, Ukraine, Moldova, Turkey, Georgia), early adoption of EU digital compliance frameworks — including DSA, DMA, and NIS2 — will become a competitive advantage as accession negotiations progress.
Continuous vulnerability scanning, supply chain risk assessment, and regulatory compliance mapping for NIS2, DORA, GDPR, and EU AI Act.
Start Free Security Scan →Stay compliant. Stay secure.
🗡️ KENSAI Security & Compliance Team
March 15, 2026