LinkedIn Carousel - #CyberWeekly Week 14

Brussels Got Hacked

ShinyHunters stole 350GB from the European Commission — including the keys to forge their emails

ShinyHunters Breaches the European Commission

New: Assessment Hub — Your Compliance Roadmap Visualised

16 Days Left: NIS2 Self-Assessment Deadline

Easy Cyber Protection

1/4

ShinyHunters breach the European Commission: 350GB stolen including email signing keys

ShinyHunters stole 350GB from the European Commission — including DKIM keys that let attackers forge official @ec.europa.eu emails.

What was stolen: mail server data, databases, contracts, SSO user directory, DKIM signing keys, and AWS config snapshots — 90GB already published
Why DKIM keys matter: an attacker can now send emails that pass all authentication checks as @ec.europa.eu — NIS2 notices, procurement messages, regulatory warnings
Belgian angle: with 16 days to the NIS2 deadline, any urgent EC email about your compliance submission deserves a call-back to verify before clicking

BleepingComputer: full report → https://www.bleepingcomputer.com/news/security/european-commission-confirms-data-breach-after-europaeu-hack/

2/4

Platform Spotlight: Assessment Hub — your compliance roadmap in three views

This week we launched the Assessment Hub — plan, track, and close compliance gaps from one place, starting with a structured assessment rather than a flat…

Three views: Matrix (gap analysis at a glance), Kanban (drag findings through Open → In Review → Closed), and Roadmap (timeline by CyFun function area)
Findings and actions linked: a finding documents a gap; an action closes it. Both are linked to the relevant control with status tracking and due dates — no spreadsheet needed
CyFun Basic templates pre-loaded: common finding types and recommended actions for all 34 controls, ready to use out of the box

Try the Assessment Hub → https://easycyberprotection.com/start

3/4

Citrix NetScaler CVE-2026-3055: actively exploited since March 27 — patch before attackers steal your session tokens

A critical memory overread bug in Citrix NetScaler ADC and Gateway (CVSS 9.3) has been actively exploited since at least March 27, leaking authenticated session IDs to unauthenticated attackers — with no login required.

What it does: an attacker sends a crafted SAML authentication request to the /saml/login endpoint. The appliance mishandles the missing AssertionConsumerServiceURL field and leaks memory contents — including live authenticated session tokens — in the response cookie. The attacker can then replay those tokens to access whatever that session had access to
Who is at risk: organisations using NetScaler as a SAML Identity Provider (IDP) for SSO. This covers many VPN, remote-desktop, and cloud access setups. If your remote-work gateway is a Citrix ADC or Gateway, check your configuration. Versions before 14.1-60.58 and 13.1-62.23 are affected
Reconnaissance already underway: security honeypots detected systematic probing of /cgi/GetAuthMethods endpoints from known threat actor IPs beginning March 27 — attackers are fingerprinting which appliances have SAML enabled before targeting them
Fix: update to 14.1-60.58+, 13.1-62.23+, or 13.1-37.262+. If you cannot patch immediately, disable SAML IDP functionality until you can. Audit your NetScaler access logs for unusual /saml/login requests with empty AssertionConsumerServiceURL parameters

BleepingComputer: CVE-2026-3055 details → https://www.bleepingcomputer.com/news/security/critical-citrix-netscaler-memory-flaw-actively-exploited-in-attacks/

4/4

16 days left: the NIS2 self-assessment deadline is April 18 — here is what still needs to happen

April 18, 2026 is not a suggestion — it is the hard deadline for Belgian NIS2 entities to submit their CyFun self-assessment or ISO 27001 documentation to the CCB.

What you must submit by April 18: either a Verification Statement showing your CyFun Basic or Important level assessment has been completed, or your ISO 27001 information security policy, scope, and Statement of Applicability (SoA). Both must be submitted directly to the CCB via the NIS2 portal
Who this applies to: organisations with 50+ employees or €10M+ turnover operating in one of 18 critical sectors (healthcare, energy, transport, finance, public administration, digital infrastructure, ICT services, and more). Your supply chain partners may also be in scope as important entities
The penalties are real: non-compliance exposes you to fines of up to €10 million or 2% of global annual turnover — whichever is higher. Belgian law adds personal director liability: board members can be held individually responsible for failing to ensure compliance was implemented
What "registered but not ready" looks like: of the 2,410+ organisations registered with the CCB, an estimated 25% have done the registration without completing the underlying structured implementation. Registration is not compliance. The April 18 submission is the evidence that you have actually done the work

CCB: official NIS2 portal → https://atwork.safeonweb.be/nis2

Read the full issue

4 stories. Context that matters.
Belgian cybersecurity, weekly.

Scan to read online

https://easycyberprotection.com/cyberweekly/2026/week-14

Follow #CyberWeekly

easycyberprotection.com