← All issues

#CyberWeekly

Dec 8 - Dec 14, 2025

Germany activates its NIS2 law

NIS2 locks in across Europe

On December 6, Germany's NIS2 Implementation Act came into force. Europe's largest economy is now enforcing stricter cybersecurity obligations on essential and important entities.

Why this matters for Belgian SMEs:

  • Supply chain effect — if you do business with German companies, they may require you to meet NIS2 standards
  • Benchmark for enforcement — Germany's approach will likely influence how other EU countries enforce the rules
  • Competitive advantage — being NIS2 compliant now opens doors to German clients

Belgium was first to implement NIS2 back in October. Now with Germany on board, the two largest EU economies are enforcing the same cybersecurity baseline. The pressure on laggards just increased.

Read the legal analysis →

France's Interior Ministry gets hacked

Overnight on December 11-12, hackers compromised the email servers of France's Ministry of the Interior. Yes, the ministry responsible for national security.

The irony isn't lost on anyone. If a government ministry with dedicated security teams can get breached, what does that mean for the rest of us?

Actually, it reinforces what we keep saying:

  • No one is immune — size and budget don't guarantee safety
  • Basics matter most — most breaches exploit simple vulnerabilities
  • Detection speed is key — the ministry detected the breach quickly, limiting damage

The CyberFundamentals framework exists precisely for this reason: get the basics right first, then build from there.

December 2025 breach report →

Holiday phishing hits record levels

Holiday cheer meets cyber threat

51% of all Christmas-themed emails are now scams. Researchers detected over 33,000 phishing emails in just two weeks — and that's only what they caught.

The most common tricks this season:

  • "Package delayed" — fake DHL/PostNL notifications asking for payment
  • "Verify your account" — fake bank alerts about suspicious activity
  • "HR notification" — bonus announcements or policy updates
  • "Charity donation" — emotional appeals with malicious links

The scary part? AI is making these emails nearly perfect. No more spelling mistakes or awkward phrasing. The only defense is skepticism: don't click links in emails, go directly to the website instead.

Share this with your team — one click is all it takes.

See the full phishing report →

Never miss an issue

Get #CyberWeekly delivered to your inbox every Wednesday.

Or use our RSS feed

Questions or feedback? Contact us — we read every message.

easycyberprotection.com
RSS All issues →