LinkedIn Carousel - #CyberWeekly Week 17

Snapshot Your Audit Readiness

The four CyFun tiers are live end-to-end. Audit Readiness now has history, so progress is finally visible.

Platform: Snapshot + History for Audit Readiness

Two Belgian Towns, Two Different Aprils

Bol.com and the Rise of AI-Fabricated Fake Breaches

Patch Now: Cisco Webex CVE-2026-20184 (CVSS 9.8)

Easy Cyber Protection

1/4

Platform Spotlight: snapshot your audit readiness, then watch it improve — across all four CyFun tiers

Last week was NIS2 D-Day. This week we shipped the tool for what comes next: Audit Readiness now has a Snapshot + History view, so you can capture your…

Audit Readiness Snapshot + History: one click freezes your current readiness state (scores, gaps, evidence coverage) as a dated snapshot. History view lines up every snapshot on a timeline, so you can prove to an auditor that your maturity scores are climbing, not just that they exist today
Control Health — one unified view: we merged Audit Readiness and Maturity into a single Control Health surface. Less tab-hopping, one place to see whether a control has documentation, implementation evidence, and the right maturity score. Deep links between tabs preserve scroll and highlight the row you came from
Four CyFun tiers, complete: Important (132 controls) and Essential are now fully localised — Dutch and French translations for every control description, finding and action templates for each tier, CCB-scoped export that ships only the tier you actually need

Open Audit Readiness → https://easycyberprotection.com/app

2/4

Two Belgian municipalities, two very different Aprils — Temse stayed calm, Anderlues ended up on a leak site

Within five days, two Belgian local governments showed exactly how different the outcome of a cyber incident can be. Temse (East Flanders, ~30,000 residents)…

Temse — prevention playbook: IT staff spotted unauthorised remote-monitoring software on municipal servers April 16, pulled services offline, called in the CCB and Polis. By April 21 the CCB confirmed no data leaked. Full services back April 23
Anderlues — the leak-site way: on April 20 TheGentlemen ransomware group added Anderlues to its dark-web victim list. The municipality confirmed an incident to RTBF. Citizens still rely on anderlues.be for permits and e-guichet
The pattern: small and mid-size gemeentes are 2026's soft target — limited staff, limited budget, services that must stay open. The difference between a two-day disruption and a months-long recovery is almost always time to detection

VRT NWS: Temse all-clear → https://www.vrt.be/vrtnws/nl/2026/04/21/geen-cyberaanval-of-datalek-bij-gemeente-temse-alle-diensten-z/

3/4

Bol.com and the rise of AI-fabricated 'fake breaches' — when the database for sale never existed

On April 21 a seller calling himself "Jeffrey Epstein" listed 400,000 Bol.com customer records on a crime forum for 100 euro. Dutch and Belgian media ran the story. Within 48 hours, researchers had proven the database…

What gave it away: sample records contained the kind of too-neat patterns that large language models produce when asked to invent names, addresses and order data. Pricing at 100 euro for 400K records is also suspiciously cheap for a genuine fresh dump
The new trick: fabricate a breach, seed it on a forum, let the news cycle run, then extort the brand's reputation. Even a denial costs PR time. Several Belgian outlets ran the original claim before retractions caught up
Incident response implication: your playbook has to include "validate the claim before denying" as a first step. Denying too fast on bad data is almost as damaging as confirming too fast. Both cost trust
Who else to watch for: RetailDetail is calling this a new cybercrime trend — expect more AI-padded datasets attributed to household-name retailers. Banks, telcos and utilities are the obvious next targets

Security.NL: Bol fake-breach analysis → https://www.security.nl/posting/928107/BOL+had+datalek

4/4

Patch now: Cisco Webex SSO impersonation (CVE-2026-20184, CVSS 9.8) — CCB advisory out

The CCB published a Yellow/High advisory on April 17 for CVE-2026-20184, a critical certificate-validation flaw in Cisco Webex Control Hub and SSO integrations.

Who is affected: any organisation running Webex with SAML-based SSO (so, most Webex-at-work deployments). Belgian SMEs and MSPs with mixed Teams + Webex environments should treat this as urgent
What to do today: install the Cisco patch, then re-upload your SAML certificate in Control Hub to invalidate any pre-patch sessions. Review Webex admin audit logs for unusual SSO events since mid-March
Why it matters: an attacker who impersonates a Webex admin can add mailboxes, change meeting controls, or pivot into connected M365 tenants. SSO flaws never stay scoped to one product

CCB: advisories feed → https://ccb.belgium.be/advisories