The year 2026 has brought a fundamental shift at the intersection of global security policy and technological risk management. On March 1, 2026, when Iranian drone strikes reached Amazon Web Services (AWS) data centers in the United Arab Emirates and Bahrain, the world witnessed the first large-scale military action to directly and successfully paralyze the physical infrastructure of a global cloud provider. This event is not merely an episode in a local conflict, but a manifestation of a paradigm shift in modern warfare: digital infrastructure has now become as much a primary target as oil refineries or military bases once were.

The context of the attack was provided by Operations Epic Fury and Roaring Lion launched by the United States and Israel on February 28, 2026, which resulted in the death of the Iranian Supreme Leader, Ali Khamenei. The subsequent Iranian retaliation, Operation True Promise IV utilized a barrage of drones and missiles that targeted not only traditional military assets but also the data centers forming the economic backbone of the region. Patrick J. Murphy, executive director of the geopolitical advisory unit at Hilco Global, pointed out that while energy was previously in the crosshairs, these attacks prove that data centers are now viewed as strategic critical infrastructure.

Read more

We often feel that two completely separate worlds exist on the internet, especially on platforms like Facebook or TikTok. On one side, they say “black,” and on the other, “white”; the two camps not only fail to understand one another, but it also seems as if they aren’t even living on the same planet.

Numerous studies ar…

Read more

The European Union has responded to this challenge with a complex, multi-pillar regulatory strategy, which has not created a single, technology-specific “deepfake law,” but rather addresses the phenomenon along its entire lifecycle.

The backbone of the regulation is provided by three complementary EU legislative acts. First, the General Data Protection Regulation (GDPR) forms the basis, regulating the processing of personal, especially biometric, data used to train deepfake models, setting strict legal bases and conditions for developers. Second, the Artificial Intelligence Act (AI Act) directly targets the developers and deployers of AI systems, imposing default transparency obligations to label synthetic content. Third, the Digital Services Act (DSA) establishes the responsibility of online platforms to prevent the dissemination of harmful and illegal deepfake content, particularly through strict risk assessment and mitigation obligations imposed on Very Large Online Platforms (VLOPs).

This multi-layered approach creates a comprehensive, yet extremely complex and fragmented legal environment. While the AI Act draws the baseline for transparency, the DSA provides the primary mechanism for combating harmful content already in circulation, and the GDPR sets a fundamental limit on the use of personal data. The report highlights that these three laws together form a complementary “push-pull” system: the AI Act seeks to “push” labeled content into the digital ecosystem at the source, while the DSA seeks to “pull” harmful or illegal materials from it at the point of distribution.

The analysis at the Member State level reveals significant differences. France, with its 2024 SREN Act, has adopted a proactive criminal law approach, creating specific criminal offenses for the creation and distribution of non-consensual deepfakes, especially for pornographic content. In contrast, Germany has so far relied on its existing personality rights and defamation laws, although a new draft bill for a specific criminal law indicates a move towards the French model. Hungary is currently experiencing a legislative gap; there are no specific deepfake rules, and the existing offenses in the Criminal Code (e.g., defamation, harassment) do not necessarily provide a proportionate and effective response to the new types of threats posed by the technology.

The Rise of Synthetic Media and the European Regulatory Response

Deepfake technology, derived from the merging of the words “deep learning” and “fake,”

Read more

TL;DR

This report highlights the dual nature of the technology: on the one hand, it holds immense potential to revolutionize defense, and on the other, it creates unprecedented, complex risks. The most important lessons synthesized are as follows:

1. Paradigm shift in defense: AI agents enable cybersecurity to transition from a reactive, incident-focused model to a proactive, predictive, and highly automated strategy. Capabilities such as adaptive threat hunting, hyper-efficient SOC operations, and automated vulnerability management can dramatically increase defensive capabilities and reduce reaction times.

2. New, abstract attack surfaces: The focus of risks is shifting from traditional, code- and network-level vulnerabilities to the manipulation of agents' perception, reasoning, and decision-making processes. Threats such as prompt injection, perception hijacking, and the cascading effects inherent in multi-agent systems require new ways of thinking and new defense strategies.

3. The central role of governance: The biggest challenge is not technological, but one of governance. Organizations must urgently develop robust frameworks that ensure the safe, auditable, and ethical operation of autonomous agents. This includes strict permission management, continuous monitoring, human oversight, and the definition of clear responsibilities. The risk of the "algorithmic insider threat" is real and requires immediate attention.

4. The transformation of the human role: Human expertise remains indispensable, but its role is shifting from execution to strategic direction, system design, agent training, and making complex, contextual decisions. The cybersecurity professionals of the future will need to be technologists, strategists, and "governors" of the digital workforce all at once.

The future clearly points towards continuous, high-speed, machine-vs-machine cyber warfare. In this environment, the organizations that succeed will be those that not only invest in the latest technologies but also build an agile, adaptive security culture based on a close partnership between human and machine intelligence.

The Revolution of Autonomous AI Agents in 2025

Read more

TL;DR

The information environment of the 2026 Hungarian parliamentary elections is expected to be defined by four main risk factors:

• The synergy of domestic government and foreign (primarily Russian, American, and Chinese) disinformation, creating a coordinated, mutually reinforcing narrative space.

• Networked propaganda that bypasses the ban on paid politi…

Read more

Cybersecurity is a cornerstone of our digital world, encompassing all measures taken to protect digital data and assets. An effective cybersecurity strategy blends people, processes, and technology to mitigate risks like business disruption, financial loss, and reputational damage. It's not just about technology; people and procedures are equally vital.

Europe is facing an escalating wave of hybrid attacks, a complex threat blending conventional and unconventional methods. A recent EBU Investigative Journalism Network report highlights the extent of Russian hybrid operations in Europe. These involve recruiting "disposable agents" via social media for cyberattacks, arson, vandalism, sabotage, and election interference. Over 60 confirmed or suspected Russian hybrid attacks have been documented since early 2024. EU officials and Dutch intelligence confirm this growing trend, emphasizing that these attacks target the entire continent, aiming to weaken and influence societies.1

Read more

A significant cyber and data security incident has impacted the Office of the Comptroller of the Currency (OCC), a crucial institution responsible for the stability of the United States financial system. Attackers gained undetected access to the agency's email system for over a year and a half, compromising approximately 150,000 emails.

The Incident Unfolds

The initial unauthorized access likely occurred around May-June 2023. However, the breach wasn't detected until February 2025, meaning the perpetrators remained hidden for nearly 20 months. The compromised emails included sensitive data and communications with major financial institutions like JPMorgan Chase and BNY Mellon.

Significantly, the attack wasn't carried out using ransomware or destructive methods. Instead, it was a quiet, stealthy operation focused on surveillance and data collection. This approach is particularly concerning for an institution that underpins the stability of the US banking sector.

The incident came to light on February 11, 2025, when Microsoft specialists detected suspicious activity within the OCC's email system. An administrator account was observed accessing user mailboxes in an unusual manner. Microsoft alerted the OCC, which launched an internal investigation and confirmed the incident the following day, February 12th.

Key Details of the Breach:

• Start Date: May-June 2023.

• Detection: February 11, 2025, by Microsoft, not the OCC's internal security.

• Attack Vector: A compromised administrator account.

• Affected System: The OCC's on-premises Microsoft Exchange email system (not Microsoft 365 cloud service). This suggests the attack differs from known state-sponsored (potentially Chinese) operations targeting cloud-based systems.

• Affected Mailboxes: At least 103 email accounts, including those of senior officials and personnel handling confidential information.

• Attack Type: Passive surveillance and information gathering, with no file encryption, extortion, or system damage.

The nature and duration of the attack, coupled with its external detection, raise serious questions about the effectiveness of the OCC's internal security monitoring and early detection capabilities.

Extent of the Damage

The compromised correspondence contained sensitive information, including results of bank supervision audits, evaluations, and details on the financial health of certain institutions. Following the attack, several financial institutions temporarily restricted sharing sensitive data with the OCC, indicating a potential erosion of trust.

While the OCC and the US Department of the Treasury emphasized that the incident had no direct impact on the financial system's operation, the volume and nature of the compromised data could pose long-term risks. Potential leaks of sensitive information could cause reputational damage and create future attack opportunities, such as targeted phishing or financial manipulation campaigns.

Response and Investigation

Upon confirmation, the OCC immediately disabled the compromised account. Further steps included:

• Engaging an external digital forensics team for investigation.

• Reporting the incident to the US Cybersecurity and Infrastructure Security Agency (CISA).

• Formally notifying Congress in late March 2025, classifying it as a "major incident" due to the involvement of non-public, controlled, and personally identifiable information.

An OCC spokesperson stated the institution is committed to identifying security shortcomings, establishing internal accountability, and strengthening affected systems.

Geopolitical Considerations

While the attacker hasn't been officially identified, the incident's characteristics align with previous intrusions into US governmental and financial institutions, often linked to state-sponsored groups, particularly from China. These attacks typically aim for long-term information gathering and cyberespionage for strategic, political, or economic advantage, rather than immediate disruption. Groups like Salt Typhoon (APT40) have been associated with similar attacks. However, it's crucial to note that no official attribution has been made in the OCC case. The incident fits the trend of geopolitical tensions, especially between the US and China, increasingly playing out in cyberspace.

Lessons Learned and Recommendations

This attack highlights several systemic weaknesses:

• Lack of Internal Detection: Reliance on an external partner (Microsoft) for detection indicates insufficient internal monitoring capabilities.

• Inadequate Control of Privileged Access: The compromised administrator account had extensive access, pointing to weaknesses in access and privilege management.

• Organizational Security Deficiencies: The incident likely exposed long-standing structural weaknesses and the risks associated with technical debt and delayed upgrades.

• Need for Improved Incident Communication: Issues with incident classification and the timing of information release suggest a lack of robust, predefined communication protocols.

Recommendations for Organizations Handling Critical Data

1. Strengthen Privileged Access Management (PAM): Implement multi-factor authentication, the principle of least privilege, time-bound access, session logging, and regular audits.

2. Build Advanced Detection and Response Capabilities: Deploy and enhance solutions like SIEM, EDR, NDR, behavioral analytics, and automated alerts.

3. Adopt a Zero Trust Network Model: Minimize implicit trust, enforce continuous authentication and access control both internally and externally.

4. Develop Transparent Incident Communication Protocols: Establish predefined procedures for handling incidents and informing stakeholders and the public.

5. Foster an Organizational Cybersecurity Culture: Reinforce leadership accountability, allocate sufficient resources, and integrate awareness programs into daily operations.

6. Review Communication Channel Security: Use dedicated, encrypted, and audited channels for highly sensitive information instead of general email.

Conclusion

The cyberattack against the OCC is one of the most severe incidents affecting US regulatory authorities in recent years. It underscores the evolving nature of cyber threats and the vulnerabilities within internal security systems and processes. Furthermore, it highlights potential nation-state interest in sensitive financial regulatory data. The key takeaway is clear: strengthening technical, organizational, and cultural defense capabilities cannot be delayed. Continuous review and modernization of security practices are essential to prevent similar long-duration, stealthy attacks, especially where national or global financial stability is at stake.

Common Scams Targeting Hungarians

Scammers employ a variety of methods. Watch out for:

• Fake Investment Schemes: These often promise impossibly high returns. A notable example involved the "Samandriel Group," which operated a pyramid scheme disguised as a crypto investment, defrauding over 2,500 people out of significant sums. Scammers may even misuse the images of well-known local figures to lend false credibility to their schemes.

• Phishing: Fraudulent emails or SMS messages impersonating banks, delivery companies, or other trusted entities aim to trick you into revealing personal data (like passwords or card details) or clicking malicious links that install data-stealing malware.

• "Pig Butchering": A particularly insidious scam where criminals build a relationship (often romantic) with the victim over time before persuading them to invest large sums in fake crypto platforms.

• Money Laundering: Criminals use crypto transactions to obscure the origins of illegally obtained funds.

• Fake Mining Operations: Websites that promise crypto mining rewards but only collect fees from users without providing any real return.

Authorities Taking Action

Hungarian authorities, including the police and the Hungarian National Bank (MNB), are actively working to combat this trend. Efforts include monitoring online activities, raising public awareness about risks and prevention, seizing crypto assets linked to crimes like drug trafficking, and participating in international collaborations. The MNB also emphasizes the risks associated with the largely unregulated crypto market.

How to Protect Yourself

While authorities are tackling the issue, individual vigilance is key:

• Use Secure Wallets: Opt for wallets with strong security features like multi-factor authentication.

• Be Skeptical: Treat unsolicited messages, especially those containing links or promising high returns, with extreme caution. If an offer seems too good to be true, it probably is.

• Guard Your Data: Never share sensitive personal or financial information on unverified websites or in response to unsolicited requests.

• Stay Informed: Educate yourself about how cryptocurrencies work and the common types of scams.

The rise in crypto-related crime underscores the need for caution in the digital asset space. By staying informed and practicing safe online habits, users can better protect themselves from becoming victims.

Two fundamental pillars of the global cybersecurity ecosystem, the Common Vulnerabilities and Exposures (CVE) Program operated by MITRE Corporation and the National Vulnerability Database (NVD) maintained by the National Institute of Standards and Technology (NIST), play critical roles in identifying and managing vulnerabilities worldwide. CVE provides unique identifiers for publicly known vulnerabilities, while NVD enriches this information with contextual data, such as severity scores. Recently, both organizations have faced significant funding and operational challenges: the CVE program is threatened by the expiration of its funding contract, while NVD struggles with severe and growing backlogs in processing incoming vulnerability data.

This entry analyzes the global consequences of these U.S.-centered problems. Our findings indicate that the instability of these fundamental infrastructures has serious and far-reaching effects on international organizations, governments, and the entire cybersecurity community. Key consequences include decreased efficiency in global vulnerability management processes, increased difficulty in risk assessment and patch prioritization, disruption of international vulnerability coordination efforts, and reduced reliability of cybersecurity tools (e.g., vulnerability scanners, SIEM systems) that rely on CVE and NVD data. Furthermore, the unreliability of U.S.-led fundamental cybersecurity infrastructure may undermine international trust in U.S.-led global cybersecurity initiatives and standards, potentially encouraging the development of alternative regional or national vulnerability databases, which could lead to ecosystem fragmentation.

The Essential Role of CVE and NVD

In today's modern digital world, identifying, cataloging, and managing cybersecurity vulnerabilities is essential for protecting organizations, governments, and individuals. In this complex environment, two U.S. federally funded programs have become de facto pillars of the global cybersecurity ecosystem: the Common Vulnerabilities and Exposures (CVE) Program operated by MITRE Corporation and the National Vulnerability Database (NVD) maintained by the National Institute of Standards and Technology (NIST).

The CVE program's mission is to identify, define, and catalog publicly known cybersecurity vulnerabilities. Each vulnerability receives a unique CVE identifier (e.g., CVE-2014-0160 for Heartbleed), enabling security professionals, researchers, software developers, and organizations worldwide to unambiguously and consistently reference the same issue. This unified nomenclature is essential for efficient information sharing and correlation of vulnerability data across different tools, databases, and reports.

Read more

A recent report by the Russian Federal Service for Technical and Export Control (FSTEC) reveals a troubling state of the country's IT systems security. According to the report, 47% of organizations operating within critical information infrastructure have critical vulnerabilities in their IT systems. This leaves Russian key institutions—including energy supply, transportation, financial sector, and government bodies—exposed to cyberattacks.

Read more

Comprehensive measures against digital crime

The Russian government has announced a comprehensive package of measures to strengthen the fight against cybercrime, which could fundamentally change the country's digital security environment in 2025-2026. The initiative is particularly timely, as the number of cybercrimes has seen a dramatic increase: a 30% increase was registered in 2023 alone, which continued to grow in 2024.

Key changes in the digital space

The new regulation rests on several pillars, each of which aims to increase security:

• Protection of state communication: A complete ban on the use of foreign messaging platforms in the state sphere, which can significantly reduce the risk of leaks and abuses.

• Stricter user identification: The introduction of mandatory identification for the use of online marketplaces and services, with particular attention to larger platforms.

• Protection against telephone fraud: Introduction of innovative solutions to identify the origin of calls and filter spam calls.

Read more

Key points about APT28 (Fancy Bear):

APT28 is a state-sponsored hacker group linked to Russian military intelligence (GRU, Military Unit 26165) that has been active for over 20 years⁠.⁠​

• Their objectives include:

• Intelligence gathering

• Political influence operations

• Weakening adversaries' critical infrastructure⁠⁠​

The group has become increasingly active in cyber warfare, especially since the Russian-Ukrainian war began⁠. According to a recent Maverits analysis covering 2022-2024, the group has evolved into a well-organized cyber warfare unit within the military structure.

This is an AI podcast generated by Ferenc Frész using: https://try.elevenlabs.io/

Cyber warfare has played an increasingly significant role in geopolitical conflicts in recent years, especially since the outbreak of the Russian-Ukrainian war.

APT28 - also known as Fancy Bear, Sofacy, or STRONTIUM - linked to Russian military intelligence (GRU, Military Unit 26165) is one of the most well-known and active state-sponsored hacker groups, closely tied to Russian military and geopolitical interests for more than 20 years.

This group not only conducts classical cyber espionage but has also become a key player in modern information warfare and cyber warfare. APT28's objectives include gathering intelligence, political influence operations, and weakening adversaries' critical infrastructure.

APT28 is therefore not simply a hacker group, but a well-organized cyber warfare unit that fits into military structure, continuously evolving and serving as a key player in the war being waged in cyberspace.

In a recently published analysis1, Maverits examined the activities of this group, APT28, between 2022 and 2024. It's worth noting that the cybersecurity firm conducting the analysis is headquartered in Ukraine, maintaining close ties with Ukrainian national security and defense organizations. This geographical and operational position enabled the report to rely on the most current and in-depth information possible.

The article aims to summarize the key findings of the Maverits report and place them in a broader context, demonstrating how APT28's activities fit into Russian military-diplomatic strategy and global cyber warfare trends.

APT28's Target Countries and Geopolitical Objectives

APT28's activities have always been closely tied to Russia's geopolitical interests. However, in the past three years, the group's geographical focus of attacks has somewhat shifted as a consequence of the war that broke out in 2022. The analysis of target countries not only shows where APT28 is active, but

Read more