A court made Google own what its AI says. Your backup server, VPN and emergency accounts deserve the same scrutiny.

• A German court just made Google answer for what its AI says about your business: If Google's artificial intelligence (AI) summary tells the world your company is a scam, that is now Google's problem, not just yours. The Regional Court of Munich ruled that AI Overviews, the ...
• Platform Spotlight: evidence that names exactly which devices it covers: "We have a config snapshot" is not the same as "we have a config snapshot for these 13 laptops". This week the platform learned the difference: every piece of evidence can now carry a precise s...
• CCB patch watch: your backup server, your firewall VPN, and a record Patch Tuesday: The Centre for Cybersecurity Belgium (CCB) had a loud week, and two of its warnings point at the exact systems that decide whether a ransomware incident is an annoyance or a catastrophe: the ba...
• One cracked password and a forgotten emergency account: anatomy of an 871 GB breach: The Dutch municipality of Epe published the post-mortem of its March cyberattack this week, and it reads like a checklist of small gaps that added up: 871 gigabytes and roughly 550,000 files wa...
• Using AI to write content? The EU's labelling rules land on 2 August: On 10 June the European Commission published the final Code of Practice on marking and labelling AI-generated content, the practical how-to for transparency duties under the EU AI Act that star...

Read full issue →

Your real booking details, an exploited firewall, a forgotten phone system: this week the familiar was the way in.

• Your booking details became the bait: a hotel data breach turns into euro-draining phishing: Hundreds of Flemish hotel guests were scammed this week after a data breach exposed hotel reservation details across Belgian and Dutch hotels. Criminals used the real booking information to sen...
• Platform Spotlight: we put our full pricing in the open: Most NIS2 compliance tools hide their price behind a "contact sales" button. We just published ours in full: every tier, every per-client bracket, on one page, with no form and no sales call to...
• CCB patch watch: an actively exploited firewall VPN and a wide-open phone system: The Centre for Cybersecurity Belgium flagged a cluster of critical fixes around 1 June. Two matter most for Belgian small and medium-sized enterprises (SMEs): a Palo Alto VPN flaw already under...

Read full issue →

Your antivirus, a town's IT supplier, a control panel you forgot you had: this week the trusted layer was the way in.

• Your security tools were the target this week, not your shield: Two stories this week share one theme: the security software meant to protect you was the thing under attack. Trend Micro Apex One is being actively exploited, and two Microsoft Defender zero-d...
• Platform Spotlight: audit-readiness stops being vague and starts naming the devices missing from your scope: This week the audit-readiness view stopped saying "something is missing" and started naming names. Instead of telling you a control is under-covered, it now points at the exact devices missing ...
• Breached through the back office: a Belgian waste authority loses its recycling parks via its IT supplier: On Monday May 18, the recycling parks of Beerse and Merksplas, run by IOK, the inter-municipal waste authority for the Kempen, were knocked offline by a cyberattack. IOK confirmed its own syste...
• CCB patch watch: a SharePoint remote-code-execution flaw and a perfect-10 cPanel bug: The Centre for Cybersecurity Belgium issued a cluster of advisories this week. Two stand out for Belgian SMEs: a SharePoint Server remote-code-execution (RCE) flaw to patch immediately, and a L...

Read full issue →

An Outlook Web Access zero-day turns an opened email into a hijacked mailbox. Mitigations only — no permanent patch yet.

• Open mail, open inbox: Outlook Web Access zero-day actively exploited (CVE-2026-42897): Microsoft confirmed on May 14 that CVE-2026-42897 — a cross-site-scripting flaw in Outlook Web Access on on-premises Exchange Server 2016, 2019, and Subscription Edition — is under active explo...
• Platform Spotlight: evidence uploads ship end-to-end, integrations get bounded and tier-aware: Five things shipped that change how an MSP runs an engagement: a long-asked-for upload, a smarter integration data lifecycle, sharper endpoint cards, friendlier CSV imports, and a hardened Chec...
• Easy Cyber Protection on the Cybersec Europe 2026 main stage — pitched, jury deliberating: On Tuesday May 20 at Brussels Expo, Easy Cyber Protection's pitch for the Cybersec Europe 2026 "Best Cybersecurity Innovation Europe" jury award was delivered on the Mainstage. The award ceremo...
• The Microsoft 365 self-service-password-reset campaign — the back door is the front door: Researchers flagged on May 19 an active campaign abusing Microsoft 365 / Entra ID self-service password reset and administrative tooling to take over mailboxes without ever phishing the user. W...
• Belgian patch week: a critical advisory every working day: Between May 18 and May 20 the Centre for Cybersecurity Belgium published seven critical advisories on enterprise software that a lot of Belgian SMBs and their managed service providers sit down...
• CCB ships a 'First Aid' incident playbook — what every NIS2-scope org needs in place before the call: On Sunday May 18, the Centre for Cybersecurity Belgium published "First Aid in the event of a cyber incident" (EN / NL / FR / DE). It is a concise operational checklist of what an organisation ...

Read full issue →

ECP shortlisted for the Cybersec Europe 2026 Best Innovation award. Plus: a weekly client micro-learning newsletter.

• Cybersec Europe 2026: Easy Cyber Protection on the 'Best Innovation' shortlist: The Cybersec Europe 2026 jury has shortlisted Easy Cyber Protection for the "Best Cybersecurity Innovation Europe" award. The pitch is May 20 at Brussels Expo, the ceremony May 21. Tickets free...
• Platform Spotlight: co-branded weekly micro-learning + Ed25519-signed audit bundles: Two things shipped this week that change the shape of an MSP engagement: a co-branded weekly micro-learning newsletter you send to your clients' employees under your own brand, and an Ed25519-s...
• Verizon DBIR 2026 lands — the small-business pattern holds, the access vectors barely move: The annual Verizon Data Breach Investigations Report is the most-cited corpus in the industry, and the 2026 edition published this week. The headline is the lack of headline: small organisation...
• CCB published its 2025 annual figures — 635 incident notifications, +70% YoY: The Centre for Cybersecurity Belgium's 2025 numbers, surfaced again this week alongside the post-April-18 NIS2 audit cycle: 635 incident notifications across the year, a 70% jump on 2024. The l...

Read full issue →

ECP ships an end-to-end audit-prep arc. SafePay claims another Belgian SMB. CCB drops a fresh advisory daily.

• Platform Spotlight: audit-readiness cockpit, integration marketplace, /demo, 5-tier pricing: The MSP audit-prep loop is end-to-end: a self-resetting /demo to show your clients, an integration marketplace that lights up what they already run, a sharper audit-readiness page that tells yo...
• SafePay lists another Belgian SMB — ETTP on May 6, the fourth Belgian victim in five weeks: SafePay added ETTP, a Belgian technology-consulting and training firm, to its leak site on May 6 — the fourth named Belgian victim in five weeks (Fountain, Anderlues, Van Heyghen + ISoSL, now E...
• Patch week: CCB drops a critical advisory every weekday — MOVEit, n8n, Apache HTTP, Ivanti EPMM: Belgium's Centre for Cybersecurity issued a fresh "patch immediately" advisory every weekday from May 4 to May 7. Four products, four critical-class flaws, three already exploited or trivially ...
• CCB ships a free network device logging baseline — the boring control that auditors always ask about: On May 5, the Centre for Cybersecurity Belgium published a practical Network Device Logging Recommendations guide — exactly what switches, routers, firewalls and load balancers should log, wher...

Read full issue →

NIS2 D-Day passed. The audit deliverable becomes an Excel round-trip, and two Belgian SMEs land on APT73's wall.

• Two Belgian SMEs on APT73's wall in 24 hours — Van Heyghen Staal and ISoSL both listed April 27: Within the same April 27 window the APT73 (also known as Bashe) ransomware leak site added two Belgian victims: Van Heyghen Staal, a family-owned steel-service centre in Evergem in the Ghent ca...
• Platform Spotlight: the audit deliverable goes round-trip — Excel, .ecpbundle.zip, Aikido: This week we shipped the biggest product pivot since launch. The audit deliverable is now a CCB-format Excel that round-trips with the auditor, packaged inside a portable .ecpbundle.zip you can...
• UK retail's category-2 cyber hurricane — M&S, Co-op, Harrods all hit, DragonForce claims credit, four arrests: Marks & Spencer, the Co-op and Harrods are all dealing with active cyber incidents inside a nine-day window. The UK Cyber Monitoring Centre has formally classified the M&S and Co-op pai...
• Patch this week: Cisco ISE root RCE (CVE-2026-20160) plus ConnectWise and Microsoft on CISA KEV: April 28 was a busy day for vulnerability advisories. CISA added two flaws to its Known Exploited Vulnerabilities catalogue, Cisco published critical advisories for Identity Services Engine, an...

Read full issue →

The four CyFun tiers are live end-to-end. Audit Readiness now has history, so progress is finally visible.

• Platform Spotlight: snapshot your audit readiness, then watch it improve — across all four CyFun tiers: Last week was NIS2 D-Day. This week we shipped the tool for what comes next: Audit Readiness now has a Snapshot + History view, so you can capture your compliance state at any moment and see ex...
• Two Belgian municipalities, two very different Aprils — Temse stayed calm, Anderlues ended up on a leak site: Within five days, two Belgian local governments showed exactly how different the outcome of a cyber incident can be. Temse (East Flanders, ~30,000 residents) caught a suspicious tool on its ser...
• Bol.com and the rise of AI-fabricated 'fake breaches' — when the database for sale never existed: On April 21 a seller calling himself "Jeffrey Epstein" listed 400,000 Bol.com customer records on a crime forum for 100 euro. Dutch and Belgian media ran the story. Within 48 hours, researchers...
• Patch now: Cisco Webex SSO impersonation (CVE-2026-20184, CVSS 9.8) — CCB advisory out: The CCB published a Yellow/High advisory on April 17 for CVE-2026-20184, a critical certificate-validation flaw in Cisco Webex Control Hub and SSO integrations. Rated CVSS 9.8, it lets an unaut...

Read full issue →

Microsoft Graph integration auto-fills your intake. AI drafts policies from your own entity data.

• ChipSoft ransomware knocks Belgian and Dutch hospitals offline — patient data confirmed stolen: A ransomware attack on ChipSoft, the vendor behind 80% of Dutch hospital patient record systems, forced 11 hospitals to take their systems offline and disrupted patient portals across Belgium a...
• Platform Spotlight: Microsoft Graph meets compliance — your M365 data now auto-fills intake forms: This week we shipped Microsoft Graph integration: connect your Microsoft 365 account and your compliance intake forms auto-fill with real data from your tenant. Combined with a new AI document ...
• Basic-Fit breach exposes bank details of 1 million gym members across six countries — Belgium included: European gym giant Basic-Fit disclosed a data breach on April 13 affecting up to 1 million members across Belgium, the Netherlands, France, Germany, Luxembourg, and Spain. The stolen data inclu...
• NIS2 D-Day: the April 18 self-assessment deadline is here — what happens if you miss it: Tomorrow is April 18, 2026 — the binding deadline for Belgian essential entities to submit their CyFun self-assessment or ISO 27001 documentation to the CCB. This is not a procedural formality....

Read full issue →

RansomHouse hit 3,500 European cultural sites — Louvre, Eiffel Tower, Notre-Dame. Visitor data stolen.

• RansomHouse hits the Louvre, Eiffel Tower, and 3,500 European cultural sites via one ticketing vendor: A ransomware attack on Vivaticket's French subsidiary Irec SAS disrupted online reservations at nearly 3,500 museums, monuments, and cultural sites across Europe — including the Louvre, Musée d...
• Platform Spotlight: AI writes your security policies — section by section: This week we shipped the biggest AI upgrade to date: the Policy Wizard now generates your security policies section by section using Cloudflare AI, and TARS can surgically revise any passage wi...
• Dragonforce ransomware hits Fountain — a Belgian stock-listed company that serves your office coffee: Fountain, a Belgian publicly-listed company specialising in workplace coffee services, confirmed a ransomware attack involving unauthorised access and data exfiltration. The company filed a cri...

Read full issue →

ShinyHunters stole 350GB from the European Commission — including the keys to forge their emails

• ShinyHunters breach the European Commission: 350GB stolen including email signing keys: ShinyHunters stole 350GB from the European Commission — including DKIM keys that let attackers forge official @ec.europa.eu emails. What was stolen: mail server data, databases, ...
• Platform Spotlight: Assessment Hub — your compliance roadmap in three views: This week we launched the Assessment Hub — plan, track, and close compliance gaps from one place, starting with a structured assessment rather than a flat list of 34 controls. Th...
• Citrix NetScaler CVE-2026-3055: actively exploited since March 27 — patch before attackers steal your session tokens: A critical memory overread bug in Citrix NetScaler ADC and Gateway (CVSS 9.3) has been actively exploited since at least March 27, leaking authenticated session IDs to unauthenticated attackers...
• 16 days left: the NIS2 self-assessment deadline is April 18 — here is what still needs to happen: April 18, 2026 is not a suggestion — it is the hard deadline for Belgian NIS2 entities to submit their CyFun self-assessment or ISO 27001 documentation to the CCB. After that date, the CCB can ...

Read full issue →

Europol and a Belgian hacker went after phishers from opposite directions this week — and both won

• Europol and Microsoft kill Tycoon 2FA — the phishing platform that bypassed your MFA: On March 16, Europol and Microsoft announced the dismantling of Tycoon 2FA — one of the world's largest phishing-as-a-service platforms, with one particularly nasty trick: it bypasses multi-fac...
• Platform Spotlight: Calm Compliance — your full NIS2 journey, one step at a time: This week we shipped the biggest UX change in Easy Cyber Protection's history: Calm Compliance — a guided journey that takes you from your first question all the way to your audit submission, o...
• Belgian ethical hacker infiltrates live phishing gang, kills 7 campaigns targeting Belgian banks: In early March, Belgian ethical hacker Inti De Ceukelaire received a phishing text impersonating Argenta bank — and instead of deleting it, he decided to fight back. What followed was a weeks-l...

Read full issue →

EU sanctions Chinese and Iranian state hackers — while a security firm loses 900,000 records to a single phone call

• EU names and sanctions the Chinese and Iranian companies behind years of cyberattacks on Europe: On March 16, the EU Council publicly named five actors — three companies, two individuals — responsible for state-sponsored cyberattacks against EU member states and their partners, and placed ...
• Cisco firewall zero-day CVSS 10.0: Interlock ransomware had root access 36 days before anyone knew: The device meant to protect your network from attackers became the attackers' entry point. CVE-2026-20131 is a CVSS 10.0 flaw in Cisco Secure Firewall Management Center (FMC) — the admin consol...
• LeakNet ransomware's new trick: you visit a legitimate website, paste one command, and your files disappear: LeakNet ransomware has a new entry method — and it doesn't require you to click a suspicious email or download a shady file. The group now compromises legitimate websites and injects fake CAPTC...
• ShinyHunters hacked an identity protection company — via one phone call to one employee: Aura is a company that sells identity protection. Its product monitors for breaches, alerts customers when their data appears online, and promises to keep personal information safe. On March 19...

Read full issue →

Iranian hackers abused Microsoft Intune to remotely wipe 200,000 devices at medtech giant Stryker across 79 countries

• Iranian hackers wipe 200,000 devices at Stryker — using the IT admin tools you already have: On March 11, Iran-linked hacktivist group Handala wiped over 200,000 laptops, phones, and servers at medtech giant Stryker — in a single morning — using Microsoft Intune. Not a zero-day, not a ...
• Platform Spotlight: Every learn article now shows you which CyFun controls it covers: Reading a news story about a wiper attack and wondering which CyFun control covers MDM security? You can now find out in one click. This week, 56 articles across the /learn library were updated...
• Belgium helped take down LeakBase — the stolen-credential market with 142,000 users: On March 3-4, Europol coordinated a global law enforcement operation that dismantled LeakBase, one of the internet's largest stolen-credential trading forums. Belgium was among the 14 participa...
• March Patch Tuesday: patch your SQL Server now — zero-day actively exploited: Microsoft's March 2026 Patch Tuesday dropped 84 fixes including two actively exploited zero-days, and one of them is in SQL Server. CVE-2026-21262 (CVSS 8.8) allows an attacker with network acc...

Read full issue →

Operation Epic Fury sparks global cyber escalation — 60+ hacktivist groups mobilize as Iran's internet drops to 1%

• Cyber war goes live — Operation Epic Fury triggers global escalation: On February 28, the United States and Israel launched a joint military offensive against Iran — and the cyber dimension lit up within hours. Palo Alto Networks' Unit 42 threat brief documents w...
• Platform Spotlight: NIS2 countdown — 6 weeks to audit day: April 18, 2026. That's when essential entities must demonstrate at least CyFun Basic or Important level compliance. As of this week, that's 6 weeks away. If you've registered (4,000+ entities h...
• Google dismantles Chinese espionage network hiding in Google Sheets: A China-linked threat actor breached at least 53 government and telecom organizations across 42 countries — and used Google Sheets as their command-and-control channel. Google's Threat Intellig...
• LexisNexis confirms breach — 400K profiles, government emails exposed: Legal data giant LexisNexis confirmed this week that hackers breached its AWS infrastructure and leaked 2 GB of stolen data. The threat actor "FulcrumSec" published the data on underground foru...

Read full issue →

WEF Global Cybersecurity Outlook 2026: cyber-enabled fraud overtakes ransomware as top CEO concern — and SMEs are 2.5× more exposed

• Fraud is the new ransomware — WEF Global Cybersecurity Outlook 2026: Forget ransomware for a moment — your CEO is already more worried about fraud. The World Economic Forum's Global Cybersecurity Outlook 2026, based on 800 global leaders surveyed, confirms a str...
• Platform Spotlight: Flat pricing, MSP-first — compliance at €25/client/month: We've simplified everything. This week we completed our pivot to a clean, MSP-first model: flat €25/client/month, all features included, across all tiers. No per-seat tiers. No feature gates. N...
• Your compliance data is a hacker's blueprint — and it's probably stored in a US data center: The top 5 compliance platforms by market share — Vanta, Drata, Sprinto, Secureframe, Tugboat Logic — are all US-headquartered, with US-based cloud infrastructure as their default. Most people r...
• Qilin ransomware claims IT provider — when your MSP gets hit, your clients do too: On February 23, Qilin ransomware group added Plan-IT Office Solutions to their leak site — another IT provider in the crosshairs. Qilin entered 2026 on a rampage: 55 victims posted in the first...

Read full issue →

NoName057(16) launches 120+ DDoS attacks on Milano Cortina — Italy fires up its biggest-ever cyber command center

• Olympic cyberwars: Russia targets Milano Cortina with 120+ DDoS attacks: The Winter Olympics got a cyberattack before the first medal was awarded. Pro-Russian hacktivist group NoName057(16) launched over 120 DDoS attacks targeting Italy's Milano Cortina 2026 Winter ...
• Platform Spotlight: Your compliance GPS has arrived: Imagine opening the app and knowing exactly what to do next — every single time. This week we shipped the guided compliance Navigator, a todo-driven workflow that turns audit readiness from a v...
• Odido breach: 6.2 million Dutch customers exposed by a phone call: The Netherlands' largest mobile operator just lost 6.2 million customer records — and the attackers didn't exploit a single vulnerability. Dutch telecom giant Odido confirmed on February 13 tha...
• BeyondTrust scores a near-perfect 9.9 — on the CVSS vulnerability scale: When your remote access tool scores 9.9 out of 10 on the vulnerability scale, "critical" doesn't quite capture it. CVE-2026-1731, a command injection flaw in BeyondTrust Remote Support and Priv...
• Belgium's NIS2 milestone: 2,410 organizations registered — and counting: Belgium just pulled off the largest cybersecurity compliance operation in its history. The Centre for Cybersecurity Belgium (CCB) announced that 2,410 organizations from critical sectors have r...

Read full issue →

Microsoft fixes 6 actively exploited zero-days — just in time for the unluckiest day of the year

• Microsoft's Friday the 13th: 6 zero-days patched just before the unluckiest day of the year: Jason's got nothing on Microsoft's February Patch Tuesday. While the horror franchise scares with a hockey mask, Redmond delivered real terror on February 11 with six actively exploited zero-da...
• Platform Spotlight: The wiki-centric compliance engine is here: Turning wiki pages into audit-ready documentation just got stupid simple. This week we shipped the wiki-centric compliance engine — a system that lets MSPs make clients audit-ready without ever...
• Ransomware surges 49% — and two-thirds of victims are SMEs: The ransomware business is booming, and SMEs are paying the price — literally. BlackFog's State of Ransomware 2026 report, released February 12, shows a 49% increase in attacks year-over-year. ...
• First malicious Outlook add-in found in the wild — 4,000 credentials stolen: Someone finally weaponized the Outlook add-in ecosystem. Cybersecurity researchers discovered the first malicious Microsoft Outlook add-in deployed in the wild — a supply chain attack that hija...
• University of Hawaii Cancer Center hit by ransomware — research data exposed: Ransomware just disrupted cancer research, and the damage goes beyond data. The University of Hawaii Cancer Center confirmed a ransomware attack that compromised research servers, encrypted fil...

Read full issue →

Russian hackers spoof Brussels university event to steal Microsoft 365 credentials

• Russian hackers spoof Brussels VUB event to steal Microsoft 365 credentials: Russian state-linked threat group UTA0355 impersonated staff from the Centre for Security, Diplomacy, and Strategy at Vrije Universiteit Brussel, sending fake invitations to the "Brussels Indo-...
• Platform Spotlight: Import your asset inventory with AI-powered CSV mapping: You can now import CSV files directly into Easy Cyber Protection — and the AI figures out which columns map to which fields. Upload your device list, user inventory, or any spreadsheet, and our...
• EU SECURE project offers up to €30,000 for SME cybersecurity: The EU-funded SECURE project — with Belgium's CCB as a consortium partner — opened its first call for proposals on January 28, offering European SMEs grants of up to €30,000 to prepare for the ...
• Fortinet FortiCloud SSO zero-day exposes 3.2 million devices: Fortinet confirmed active exploitation of CVE-2026-24858 (CVSS 9.4), an authentication bypass in FortiCloud SSO that allowed any FortiCloud account holder to log into other users' Fortinet devi...
• BASF, Dassault Systèmes, and Honeywell breached by same threat actor: On February 3, threat actor "0APT" claimed breaches of three major industrial companies in a single day: BASF (2TB of data), Dassault Systèmes, and Honeywell. The coordinated timing suggests ei...

Read full issue →

45% surge in 2025 signals tougher year ahead for Belgian SMEs

• Ransomware surge: 45% increase in 2025, SMEs in the crosshairs: NordStellar research reveals a staggering 9,251 ransomware cases in 2025 — a 45% jump from 2024's 6,395 cases. Experts predict the number will exceed 12,000 incidents in 2026. For Belgian SMEs,...
• Platform Spotlight: Knowledge base goes live with 50 articles: This week we launched the Learn section — 50 articles covering NIS2, CyberFundamentals, security basics, practical guides, and industry-specific advice. Every article is available in English, D...
• LockBit takedown hero honored by King Charles in New Year Honours: Gavin Webb, the UK National Crime Agency officer who led Operation Cronos, received an OBE in King Charles III's New Year Honours list. Operation Cronos was the 2024 international effort that d...
• European Space Agency opens criminal investigation after 500GB data theft: The European Space Agency confirmed a criminal investigation after hackers claimed they stole 500GB of sensitive data, including operational procedures, spacecraft details, and proprietary cont...
• Belgium NIS2: Self-assessment deadline approaching (April 18, 2026): Belgian entities subject to NIS2 must submit their CyFun® AL Basic or Important self-assessment — or their ISO 27001 documentation — to the CCB by April 18, 2026. That's 12 weeks from today. ...

Read full issue →

EU proposes revised Cybersecurity Act to secure supply chains and simplify NIS2 compliance

• EU proposes revised Cybersecurity Act to secure supply chains: January 20: The European Commission proposed a sweeping revision of the EU Cybersecurity Act, targeting ICT supply chain security and simplifying compliance for businesses across Europe. The pa...
• Platform Spotlight: 50 Learn articles go live: Big week for the platform. We published 50 articles across the Learn section — covering NIS2, CyberFundamentals, security basics, practical guides, and industry-specific advice. Every article i...
• LastPass customers targeted by phishing campaign stealing master passwords: January 19: A phishing campaign launched over the US holiday weekend targeted LastPass users with fake maintenance emails, trying to steal their master passwords. The attackers sent emails from...
• Clop's Oracle zero-day rampage hits 100+ organizations worldwide: The Clop ransomware gang exploited a critical Oracle E-Business Suite zero-day (CVE-2025-61882) to steal data from over 100 organizations — including Dartmouth College, Harvard, The Washington ...

Read full issue →

Belgian hospital AZ Monica shuts down after ransomware attack

• Belgian hospital AZ Monica forced offline by cyberattack: January 13, 6:32 AM: AZ Monica hospital in Antwerp disconnected all servers after detecting a cyberattack. The incident forced Belgium's largest private hospital to cancel 70 operations, postpo...
• Platform Spotlight: Activity log & incident tracking: Big week for the platform. We shipped a complete activity tracking system — so you always know what changed, when, and by whom. Activity log for controls & tasks — every checklis...
• BlackBasta ransomware leader added to EU Most Wanted: January 15: German and Ukrainian police raided homes of BlackBasta ransomware suspects, and Germany named the group's alleged leader. Oleg Nefedov, a 35-year-old Russian national, was placed on...
• Under Armour breach exposes 72 million customer accounts: January 18: The Everest ransomware group dumped data from 72.7 million Under Armour customer accounts on a cybercrime forum. Have I Been Pwned confirmed the breach — making it one of the larges...

Read full issue →

Fake Booking.com emails deploy infostealers across European hotels

• ClickFix phishing targets European hotels via fake Booking.com emails: Late December: A phishing campaign dubbed PHALT#BLYX hit the European hospitality sector with fake Booking.com reservation cancellations. Securonix researchers tracked the multi-stage operation...
• Platform Spotlight: CyFun Basic goes live: This was our biggest platform update yet. CyFun Basic — 34 CyberFundamentals controls — is now live on Easy Cyber Protection. 34 Basic controls — the complete CyberFundamentals B...
• Ledger customers hit by third-party Global-e breach: January 5: Hardware wallet maker Ledger confirmed that customer data was exposed through a breach at Global-e, its third-party payment processor. The attack didn't touch Ledger's platform, hard...
• ALPHV/BlackCat insiders unmasked — cybersecurity pros turned ransomware operators: January 2: Two U.S. cybersecurity professionals pleaded guilty to running ransomware attacks using the ALPHV/BlackCat platform. This is one of the rarest things in cybercrime: actual names and ...

Read full issue →

Russia attacks NATO power grid as holiday cyberattacks escalate

• Russia hits Poland's power grid — first Sandworm attack on NATO: December 29-30: Russia's GRU launched a data-wiping attack on Poland's energy infrastructure. ESET researchers now confirm it was Sandworm — the same unit behind Ukraine's 2015 blackout. This m...
• Platform Spotlight: EasyHabits & fresh branding: New year, new tools. We kicked off 2026 with a companion app, a new logo, and smarter defaults. EasyHabits — A new companion app that helps you build better security habits. It r...
• MongoBleed exploited hours after PoC release: CVE-2025-14847 went from patched to exploited in less than 48 hours. The vulnerability — dubbed "MongoBleed" — allows unauthenticated attackers to leak sensitive data from MongoDB servers by ab...
• 2026 security predictions: what the experts see coming: As we roll into 2026, the cybersecurity industry is unified on one thing: AI will dominate both attacks and defenses. But beyond that headline, the predictions get more specific — and more alar...

Read full issue →

Hackers hit La Poste before Christmas — and Romania's energy grid is next

• La Poste knocked offline before Christmas: France's national postal service was hit by a DDoS attack on December 23, right before Christmas. Pro-Russian hacking group NoName057(16) claimed responsibility, and French intelligence agency ...
• Platform Spotlight: invite your team, manage your partners: Our biggest collaboration update yet. You can now invite team members, assign roles, and — if you're a security partner — manage client organizations from one place. User & acces...
• Romania's energy grid hit next: On December 26 at 01:40, the "Gentlemen" ransomware group struck Romania's Oltenia Energy Complex — the country's largest coal-based power producer, responsible for 30% of Romania's electricity...
• European Space Agency data breach: A threat actor known as "888" claims to have stolen 200GB of sensitive data from the European Space Agency (ESA). The alleged haul includes source code, confidential documents, and internal sys...
• 2025: the year cyber got personal: As 2025 wraps up, the numbers tell a brutal story. This was the year cybersecurity stopped being an abstract IT problem and became a real business threat for companies of every size. The ...

Read full issue →

Romania's water authority hit by ransomware — and hackers gear up for the holidays

• Romania's water authority hit by ransomware: On December 20, Romania's national water authority had 1,000 systems encrypted in a ransomware attack. The attackers hit 10 of 11 river basin management offices across the country. The cl...
• Platform Spotlight: new name, passwordless login, three languages: Big week for the platform. We rebranded to Easy Cyber Protection, shipped passwordless login, and launched full trilingual support. Here's what changed: Passwordless login ...
• German SMBs are getting hammered: Two more German SMBs made headlines this month — and not in a good way. Klingele Paper & Packaging Group, a mid-sized manufacturer, had 450GB of data stolen by the INC ransomware group. C...
• Hackers love the holidays: 52% of ransomware attacks in the past year happened on a weekend or holiday. And 78% of organizations reduce their security staff during the holiday period. Do the math. Fewer defenders +...
• Cyber Resilience Act: the clock is ticking: The EU's Cyber Resilience Act hit its first milestone on December 11, with the Commission adopting a delegated act on vulnerability notification delays. If you sell or use products with d...

Read full issue →

Europe's largest economy activates its cybersecurity law — and hackers don't take holidays

• Germany activates its NIS2 law: On December 6, Germany's NIS2 Implementation Act came into force. Europe's largest economy is now enforcing stricter cybersecurity obligations on essential and important entities. Why thi...
• France's Interior Ministry gets hacked: Overnight on December 11-12, hackers compromised the email servers of France's Ministry of the Interior. Yes, the ministry responsible for national security. The irony isn't lost on anyon...
• Holiday phishing hits record levels: 51% of all Christmas-themed emails are now scams. Researchers detected over 33,000 phishing emails in just two weeks — and that's only what they caught. The most common tricks this season...

Read full issue →

Easy Cyber Protection is here to help Belgian SMEs secure their business

• We launched Easy Cyber Protection: This week marks the beginning of Easy Cyber Protection. We built a platform to help Belgian SMEs get their cybersecurity in order — without needing an IT department or expensive consultants. ...
• CyFun 2025: Belgium updates its cybersecurity framework: Big news from the Centre for Cybersecurity Belgium (CCB): they just released CyFun 2025, a major update to the CyberFundamentals framework. What changed? Aligns with NIST C...
• SMBs are now the #1 target for hackers: 70.5% of data breaches in 2025 targeted small and medium businesses. Not large enterprises — SMBs. Why the shift? Large companies invested heavily in cybersecurity and stop...

Read full issue →