INTERPOL's Operation Synergia III coordinates 72 countries to seize 45,000 malicious IPs and arrest 94 cybercriminals — the largest coordinated cyber takedown in history. CISA adds mandatory reporting requirements to its Cisco SD-WAN directive as Ivanti EPM vulnerabilities join the KEV catalog. ENISA publishes a renewed international strategy to strengthen the EU cybersecurity ecosystem. Google patches two actively exploited Chrome zero-days with implications for the Cyber Resilience Act.
INTERPOL announced the takedown of 45,000 malicious IP addresses and servers used for phishing, malware distribution, and ransomware. The operation led to 94 arrests, with 110 additional suspects under investigation. A total of 212 electronic devices and servers were seized across multiple continents.
Regulation Impact: NIS2 Cross-Border Cooperation — Budapest Convention — EU Cybercrime Directive — DORA ICT Incident Reporting
INTERPOL's Operation Synergia III represents the most ambitious coordinated cybercrime enforcement action ever undertaken. Spanning 72 countries and territories, the operation targeted the infrastructure behind phishing campaigns, malware distribution networks, and ransomware operations that have caused billions in damages globally.
In Bangladesh alone, authorities arrested 40 suspects and seized 134 electronic devices connected to loan scams, identity theft, and credit card fraud. In Togo, 10 suspects were apprehended running a fraud ring from a residential area that included social media account hijacking operations.
The scale matters. Taking down 45,000 malicious IPs in a single coordinated action sends an unmistakable signal: the infrastructure that powers cybercrime is no longer beyond the reach of international law enforcement.
Germany's BKA (Federal Criminal Police), Austria's Bundeskriminalamt, and Switzerland's FEDPOL all participated in Operation Synergia III. DACH organizations should check their network logs against the indicators of compromise that INTERPOL will release through national CERTs. For NIS2-regulated entities, this operation validates the directive's emphasis on cross-border information sharing — the threats are global, and so must be the response.
CISA has added mandatory reporting requirements to its existing Cisco Catalyst SD-WAN directive and added Ivanti Endpoint Manager vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog. Both are under active attack in the wild.
Regulation Impact: CISA BOD 22-01 — NIS2 Vulnerability Management — CRA Vulnerability Reporting — DORA Patch Management
CISA's decision to expand an existing directive rather than issue a new one is noteworthy. The original Cisco Catalyst SD-WAN directive required federal agencies to patch; the updated version now adds mandatory reporting on exploitation status — agencies must confirm whether they've been compromised, not just whether they've patched.
Meanwhile, the Ivanti Endpoint Manager (EPM) vulnerabilities being actively exploited represent a particularly dangerous class: endpoint management tools have privileged access to every device they manage. Compromising EPM gives attackers administrative control across the entire managed fleet.
Cisco SD-WAN is widely deployed across German enterprises and Swiss financial institutions. Ivanti EPM has significant market share in Austria and Germany. BSI has historically mirrored CISA KEV additions in its own advisories within 24-48 hours. DACH organizations should not wait for BSI — patch now, assess for compromise, and document the response for NIS2 compliance evidence.
Regulation Impact: NIS2 Implementation — EU Cyber Diplomacy — International Standards — Capacity Building
The European Union Agency for Cybersecurity (ENISA) has published its revised International Strategy, renewing the agency's approach to engagement with international partners. The strategy strengthens alignment with the EU's international cybersecurity policies and the promotion of EU values in global cybersecurity governance.
This is more significant than it appears. As NIS2 implementation accelerates across 27 member states, ENISA's international strategy shapes how the EU's cybersecurity framework interacts with — and potentially influences — the rest of the world. The strategy effectively positions NIS2 not just as an EU regulation, but as a model for global cybersecurity governance.
Switzerland, as a non-EU country with deep economic integration, is directly affected by ENISA's international strategy. The Swiss NCSC should engage with ENISA's international cooperation framework to ensure alignment. For German and Austrian organizations with global operations, ENISA's push for international standardization means NIS2 compliance investments will likely have global applicability.
Google has patched two zero-day vulnerabilities in Chrome 146 that were being actively exploited in the wild. The flaws allow attackers to manipulate data and bypass security restrictions, potentially leading to remote code execution.
Regulation Impact: EU Cyber Resilience Act — NIS2 Supply Chain Security — Vulnerability Disclosure — DORA Digital Operational Resilience
Two Chrome zero-days patched in a single update is unusual and concerning. Chrome's market share exceeding 65% globally means these vulnerabilities exposed billions of users to potential attack. The exploitation was confirmed active before the patch, meaning attackers had a window of opportunity.
This comes just days after Google revealed it paid $17 million in bug bounties in 2025, with $3.7 million for Chrome vulnerabilities alone. Even with one of the most mature vulnerability programs in the industry, zero-days still slip through — a reality that the EU's Cyber Resilience Act must account for.
Germany's BSI CERT-Bund typically issues advisories for actively exploited Chrome vulnerabilities within hours. Swiss NCSC and Austrian CERT.at should follow. For DACH enterprises, this is a reminder to implement browser auto-update policies and monitor the CISA KEV catalog. Chrome Enterprise policies can enforce update compliance — documentation that also serves as NIS2 evidence.
From CISA directives to Chrome zero-days, the attack surface never sleeps. KENSAI scans your infrastructure for known vulnerabilities, misconfigurations, and compliance gaps — so regulators don't find them first.
Start Free Security Scan →The KENSAI Intelligence Desk publishes daily regulation roundups covering NIS2, DORA, GDPR, EU AI Act, and CRA developments. Compliance is not optional — it is infrastructure.