#CyberLearn Updates
Stay up to date with new guides and improvements
7 May 2026
What is Ransomware?
Added a 5th exfiltration-attack case: SafePay + ETTP (May 6, 2026). SafePay explicitly disavows the ransomware-as-a-service model, runs every operation in-house, and openly targets SMBs, MSPs and organisations with downstream partner networks across the US and Western Europe (400+ claimed victims since September 2024). ETTP is the fourth named Belgian victim in five weeks — Fountain (DragonForce, w15), Anderlues (TheGentlemen, w17), Van Heyghen + ISoSL (APT73, w18), now ETTP — making "one named Belgian victim per week" a documented 2026 pattern.
Read articlePatch Management: Protect Against Zero-Days
Added a 6th zero-day case: the CCB patch wave of May 4-7, 2026. Belgium's Centre for Cybersecurity issued a critical "patch immediately" advisory every weekday for four consecutive days — MOVEit Automation CVE-2026-4670 (auth bypass, CVSS 9.8, same product family as Clop 2023), n8n critical, Apache HTTP Server multi-RCE, and Ivanti EPMM authenticated RCE actively exploited. Concrete textbook example for the 48-hour-response rule the article already advocates.
Read articleWhat is the CCB?
Added a 2025 entry to the CCB history timeline: 635 incident notifications recorded — up 70% year on year. 556 cyber-related, 144 account-compromise cases (top category), 105 ransomware. Public administration and healthcare are the most-targeted sectors. Sourced from the CCB's own 2025 figures release.
Read articleIncident Response: Recovery Playbook
Extended the Temse vs Anderlues "fast-detection-wins" case with a Belgian baseline bookend: the CCB recorded 635 incident notifications in 2025 (+70% YoY), 144 account-compromise cases as the top category and 105 ransomware. Frames detection capability as the only variable that bends the recovery curve as the threat baseline shifts.
Read article30 April 2026
Two-Factor Authentication (2FA) Explained
Real Impact callout extended with the second 2026 MFA-bypass pattern: helpdesk vishing. Names Scattered Spider / DragonForce hitting Marks & Spencer, the Co-op and Harrods in April 2026 by phoning the IT helpdesk impersonating an employee and asking for an MFA reset. Defence is now framed as procedural ("never reset MFA without an out-of-band callback to a verified phone number") plus the technical (FIDO2/passkeys).
Read articleSocial Engineering Attacks
Vishing entry expanded to cover the 2026 helpdesk-vishing escalation: the same English-speaking Scattered Spider / DragonForce affiliate behind the M&S, Co-op and Harrods incidents (April 2026, UK Cyber Monitoring Centre Category-2 event, £270M-£440M projected losses). Defence framed as a strict callback rule, not a security-awareness poster.
Read articleCybersecurity for Retail
Added a 5th common-threat entry: Helpdesk Vishing & Identity-Provider Attacks. Frames the M&S (April 22) + Co-op (April 30) + Harrods 9-day cyber-hurricane in April 2026 with the DragonForce / Scattered Spider playbook. Includes UK Cyber Monitoring Centre Category-2 classification (£270M-£440M projected losses) and the M&S online-store closure of nearly seven weeks.
Read articleWhat is Ransomware?
Added a 2nd "How does ransomware spread?" method: bought infostealer credentials. Frames the 2026 reality that ransomware operators do not earn the front door, they buy it. Hudson Rock data on the APT73 / Bashe leak site (141 victims since April 2024, including Belgian victims Van Heyghen Staal and ISoSL listed April 27, 2026) shows ~44% of APT73 victims had prior infostealer infections. References the LeakBase market that Belgium and Europol dismantled in March 2026 (142,000 users).
Read articleCybersecurity for IT Partners
New FAQ entry on RMM-tool urgency: "My RMM tool just got a critical CVE — should I patch it tonight?" Names ConnectWise ScreenConnect CVE-2024-1708 added to the CISA Known Exploited Vulnerabilities catalogue on April 28, 2026. Frames RMM, remote-access agents and any tool with admin privileges across multiple tenants as Tier-0 infrastructure: same-day patching, credential rotation, and session hunt back to February.
Read articleEmployee Security Training Guide
New training topic added (Critical priority): Helpdesk Vishing & MFA Reset Drills. Includes the 2026 attack pattern, the strict callback rule, a drill scenario ("IT calls and asks for your MFA code — what do you do?"), and the M&S / Co-op / Harrods April 2026 anchor.
Read articleThe Real Cost of a Data Breach
New problem-section bullet on the enterprise scale-up: Marks & Spencer projects ~£376M in profit losses from its April 2026 incident; UK Cyber Monitoring Centre put the combined M&S + Co-op damage at £270M-£440M. Frames the damage-to-defence-spend ratio as the same at every business size — only the absolute number scales with revenue.
Read article29 April 2026
Missed the Belgian NIS2 Deadline? What Changes on April 18, 2026
New pillar article on the urgency arc. Covers what the April 18, 2026 self-assessment deadline actually required, three concrete remediation paths (late CyFun BASIC self-assessment, CAB audit at IMPORTANT or ESSENTIAL tier, ISO 27001 with a NIS2 SoA), and the CCB enforcement posture sourced from public guidance.
Read articleCyFun Audit Preparation: The 8-Week Plan
New flagship guide. Week-by-week plan to be CAB-audit ready in CyFun BASIC: scope (W1), risk register (W2), policies (W3-4), evidence collection (W5-6), mock self-assessment run (W7), submission (W8). Each week ends with the common pitfall the workbook flags and how ECP automates it. HowTo schema with all 8 steps.
Read articleCyFun CAB Audit Cost: What a Belgian NIS2 Audit Actually Costs
New money-keyword article. Honest cost ranges for the four buckets (CCB framework €0, preparation 2-6 months internal time, CAB audit fees €5K-€25K industry-reported, optional consultancy €15K-€60K), three-path comparison table, and authoritative ECP MSP pricing (Starter €399 → Enterprise MSP €4,999/month). Disclosure callout up front: cost ranges are industry-reported, not CAB-published rate cards.
Read articleHow to Run a CyFun Mock Audit on Your Own
New 5-phase DIY self-check using the same CCB workbook + 1-5 maturity rubric a real CAB audit uses: evidence prep (Day 1-2), score Documentation maturity (Day 3-4), score Implementation maturity (Day 5-6), gap list + roadmap (Day 7), second-reviewer challenge (Day 8). Honesty rubric callout for self-scoring.
Read articleHow to Talk to Your IT Partner About a CyFun CAB Audit
New bridge article for SME owners. Pre-filled email template with 5 specific questions (familiarity with CyFun, scoping a BASIC self-assessment, evidence collection, tooling vs Excel, IMPORTANT-tier prep), plus 3 signals to read in the partner's reply. Slots into the existing /partner referral pattern.
Read articleNIS2 Audit Preparation Guide
Apr 2026 refresh. The forward-tense "April 2026: deadline approaching" callout is now a past-tense "April 18 deadline passed" with a link to the missed-deadline remediation paths. Timeline section updated to past tense. Voice rewrite of the "what auditors look for" section: now framed around what the CCB CyberFundamentals workbook expects (GV-PO, GV-RM, RS-IR, RC-BA, GV-SC, PR-AT control families) — sourced framing, not auditor preferences. EN/NL/FR.
Read articleNIS2 Penalties
New Apr 2026 enforcement-context callout sourcing CCB 635 mandatory incident notifications in 2025 (+70% YoY per the CCB 2025 annual activity report) and the D3 Security April 2026 readiness gap (84% not fully ready, ~25% not started). Frames CCB enforcement posture as remediation-first per published guidance, not automatic sanctions for a missed date. EN/NL/FR.
Read article23 April 2026
Incident Response
Added a dated "fast detection wins" example in the Signs section: Temse (East Flanders, April 16-23, 2026, VRT NWS) caught unauthorised remote-monitoring software and contained it in 5 days with CCB + Polis support. Contrast with Anderlues (Hainaut, April 20, 2026, RTBF) where slower detection ended on the TheGentlemen leak site.
Read articleWhat is Ransomware?
Added TheGentlemen + Anderlues (April 20, 2026, RTBF) to the exfiltration-only examples and named the 2026 pattern: Belgian communes and gemeentes are a preferred target because IT staff and budget are limited while public-facing services cannot simply go offline. Checkpoint Research published a full TheGentlemen DFIR writeup in April 2026 including the SystemBC backdoor chain.
Read articleWhat is Phishing?
New section added: Fake-Breach Extortion. Covers the April 21, 2026 Bol.com case (Security.NL, RetailDetail) where a crime-forum seller listed 400,000 fabricated "customer records" padded with AI-generated rows and stitched onto older breach data. Bol confirmed no incident. Playbook: validate sample data against your schema before you deny, because denying fast on bad data is nearly as damaging as confirming fast.
Read articlePatch Management
Added Cisco Webex CVE-2026-20184 (CVSS 9.8, April 17, 2026) to the Recent Zero-Day Examples: SAML assertion forging in Control Hub / SSO lets an unauthenticated attacker impersonate any Webex user including admins. CCB issued a Yellow/High advisory. Remediation: apply Cisco patch, re-upload the SAML certificate in Control Hub to invalidate pre-patch sessions, review admin audit logs.
Read article22 April 2026
ECP vs Cynomi: Which Fits Your Belgian MSP?
New head-to-head comparison with the global vCISO platform. Covers pricing shape, framework focus, MSP multi-tenancy, CyFun recognition (Belgium, Ireland, other EU), and four honest FAQs including "can I use both?" and "what if I'm not Belgian-focused?"
Read articleECP vs Cyberday: Which Fits Your Belgian MSP?
New head-to-head comparison with the Finnish ISMS platform. Concrete pricing math (Cyberday €250–€1,990/mo tiered by employee count vs ECP MSP-tier base + per-client by client size), framework coverage table (Cyberday 70+ frameworks vs ECP CyFun-native), and honest answers on "why is ECP cheaper?" and white-labelling.
Read article20 April 2026
What to Expect from Your MSP's NIS2 Audit-Readiness Program
New client-facing explainer for SMEs. Walks through the four phases, realistic timelines (1-3 months for well-equipped clients, 4-6 months with gaps, 6-9+ months greenfield), what you do versus what your MSP does, and what "audit-ready" actually means.
Read articleHow to Scope an NIS2 Audit-Readiness Engagement
New MSP-facing scoping guide. Covers the platform-work versus engagement-work split (the #1 missed scoping item), three client-profile timelines, how to price the monthly subscription separately from one-off implementation work, and scope warnings that prevent expectation breaches.
Read article13 April 2026
Policies vs Standards vs Procedures vs Guidelines
New guide explaining the 4-tier document hierarchy every compliance programme needs. Covers the difference between policies (what & why), standards (how much), procedures (how to), and guidelines (recommended approach) — with a CyFun/NIS2 mapping table and Belgian SME examples.
Read article9 April 2026
NIS2 Supply Chain Security
Added Vivaticket breach (April 2026) as a concrete supply chain multiplier example: one shared ticketing vendor compromised → 3,500 European cultural sites disrupted (Louvre, Eiffel Tower, Notre-Dame). Added to Cloud and SaaS providers tier in all three languages.
Read articleWhat is Ransomware?
Added Dragonforce + Fountain Belgium (April 2026) to the exfiltration-only examples: Malaysia-based RaaS cartel (363+ victims, white-label affiliate model) hits a publicly-listed Belgian workplace services company. Reinforces the "no sector is too ordinary" message.
Read article2 April 2026
Patch Management
Replaced stale Citrix Bleed (2023) example with Citrix NetScaler CVE-2026-3055 (CVSS 9.3, April 2026): memory overread in SAML IDP configuration leaks authenticated session tokens to unauthenticated attackers. Actively exploited since March 27; added to CISA KEV April 1.
Read articleWhat is NIS2?
Added April 18, 2026 hard deadline: Belgian entities must submit CyFun Basic/Important self-assessment or ISO 27001 SoA to the CCB. Of 2,410+ registered organizations, ~25% are not yet ready. After April 18, CCB can begin enforcement and fines.
Read articleCompliance Roadmap
Added April 18, 2026 CCB submission deadline to Phase 1 tip — shifts the timeline from vague "start now" to a concrete legal deadline requiring immediate action.
Read articleEmail Security
Added DKIM signing key compromise as a new threat vector in tip 3: even emails from trusted official domains can be forged if the sender's DKIM keys are stolen in a breach (e.g. European Commission, March 2026). Always verify unexpected urgent requests by phone.
Read article26 March 2026
Two-Factor Authentication
Added adversary-in-the-middle (AITM) caveat to the "99.9% blocked" stat: Tycoon 2FA (dismantled by Europol, March 2026) proved standard MFA can be bypassed via session-proxy. FIDO2/passkeys highlighted as the only AITM-resistant method.
Read articlePhishing
Added Phishing-as-a-Service (PaaS) as a new attack type: Tycoon 2FA ran 96,000 attacks globally including 500 Belgian victims, dismantled by Europol and Microsoft in March 2026.
Read articleSocial Engineering
Added real-world example of phishing panel real-time victim control via Telegram bot — documented by Belgian ethical hacker Inti De Ceukelaire (March 2026) against Argenta, Belfius, KBC, ING, and CBC.
Read article23 March 2026
CyberFundamentals vs ISO 27001
Clarified that the CCB explicitly accepts ISO/IEC 27001:2022 as a valid NIS2 conformity path (same legal presumption as CyFun), with SoA requirement. Added new FAQ: Microsoft 365, Purview and Secure Score do not cover CyFun compliance.
Read articleCyberFundamentals Framework Guide
Updated FAQ: both CyFun and ISO 27001 are accepted by CCB for NIS2 conformity. ISO 27001 requires a Statement of Applicability showing equivalence to the relevant CyFun level.
Read article15 March 2026
NIS2 in Belgium
New article covering Belgian NIS2 law, CCB role, CyberFundamentals framework tiers, registration statistics, and Belgian-specific deadlines.
Read articleThe NIS2 Directive Explained
New article explaining EU Directive 2022/2555: legal background, NIS1 vs NIS2 comparison, key articles (21, 23, 32-33), and Belgian transposition.
Read articleNIS2 Certification
New article comparing CyberFundamentals and ISO 27001 certification paths, tier requirements, audit process, and cost considerations.
Read articleNIS2 Audit Preparation
New article on what auditors look for, self-assessment vs external audit, 5-step preparation guide, and MSP audit support angle.
Read article12 March 2026
NIS2 Requirements
Added April 18, 2026 deadline warning — 5 weeks to go. 2,410 entities registered, 70-75% implementing.
Read articleRansomware
Added wiper malware section — Stryker/Handala attack (200K devices wiped via Microsoft Intune, March 2026).
Read articleIncident Response
Added MDM/device management tools as attack vector warning with detection signs.
Read articlePasswords
Added credential marketplace context — LeakBase takedown (142K users, Europol, March 2026).
Read articlePatch Management
Added SQL Server CVE-2026-21262 (CVSS 8.8) and Microsoft Patch Tuesday monitoring guidance.
Read articleAccess Control
Added management console warning — cloud admin portals as highest-value targets (Stryker MDM example).
Read article5 March 2026
NIS2 Deadlines
Added 75% CyFun framework adoption statistic — validates CyberFundamentals as the dominant compliance path for Belgian NIS2 entities.
Read article26 February 2026
Social Engineering
Added AI voice cloning warning to vishing section, citing WEF Global Cybersecurity Outlook 2026.
Read articleNIS2 Supply Chain
Added Qilin ransomware as concrete example of MSP-targeted supply chain attacks.
Read articleCybersecurity for IT Partners
Added warning that MSPs are primary ransomware targets (Qilin) with NIS2 supply chain implications.
Read articleSelf-Service vs Managed
Added data sovereignty FAQ: where compliance data lives matters — it contains your security blueprint.
Read articleWhy MSPs Should Offer Compliance
Updated deadline stat from vague "2026" to specific "April 18, 2026" self-assessment deadline.
Read article24 February 2026
NIS2 Supply Chain Compliance
New article explaining how NIS2 reaches organisations not directly regulated — through supply chain obligations in Article 21(2)(d). What your clients will ask and how to prepare.
Read articleHow to Talk to Your IT Partner About NIS2
Practical conversation guide for SME owners who need to discuss NIS2 readiness with their IT partner. Includes key questions and what answers to expect.
Read articleWhat to Ask Your MSP About Cybersecurity
Evaluation checklist for SMEs working with a managed service provider. Know what to ask about incident response, compliance support, and security monitoring.
Read articleNIS2 Readiness: What Your IT Partner Needs to Know
Designed to be forwarded to your IT partner. Covers the compliance framework, timeline, and specific technical capabilities needed to support NIS2 clients.
Read articleWhy Your MSP Should Offer Compliance Services
For IT partners exploring the compliance opportunity. How NIS2 creates recurring revenue and stronger client relationships through audit-readiness services.
Read article19 February 2026
NIS2 Deadlines Belgium
Updated registration numbers: 2,410 critical-sector organizations registered with CCB (previously ~2,000). 4,000+ across all sectors. Self-assessment deadline now 8 weeks away.
Read articleWho Must Comply with NIS2?
Updated Belgian entity registration stat from ~2,000 to 2,410 critical-sector organizations (CCB February 2026 announcement).
Read article13 February 2026
Access Control Guide
New guide on least privilege, role-based access control, and credential hygiene. Practical steps for SMEs to limit who gets in and what they can do.
Read article5 February 2026
NIS2 Deadlines Belgium
Updated with critical April 18, 2026 self-assessment deadline (10 weeks away), new CAB accreditation timeline, and July 2026/April 2027 milestones. ~2,000 entities now registered.
Read articleWho Must Comply with NIS2?
Added EU "small mid-cap" category (proposed Jan 2026), updated Belgian entity registration numbers (~2,000), and April 18 self-assessment deadline.
Read articleNIS2 for SMEs
Updated with expanding scope through "small mid-cap" category and growing supply chain obligations. Belgium now has ~2,000 registered entities.
Read articleNIS2 Compliance Checklist
Added April 18, 2026 self-assessment deadline warning. Essential entities must submit CyFun or ISO 27001 documentation to the CCB.
Read articleNIS2 Penalties & Fines
Added new ransomware-specific reporting requirements: attack vector, mitigation measures, and ransom payment disclosure obligations.
Read articleCyberFundamentals Certification
Updated: an estimated 70-75% of in-scope entities have started framework implementation. CAB accreditation concluding April 2026.
Read article29 January 2026
AI-Driven Cyber Threats
Learn how hackers use AI to create better phishing emails, clone voices, and automate attacks. Practical tips to defend your business.
Read articlePatch Management Guide
Keep your software up-to-date without the headache. A simple 6-step process for SMEs to handle updates and respond to critical vulnerabilities.
Read articleWhat is Ransomware?
Added new section on data exfiltration attacks - the shift from encrypting files to stealing data and threatening to publish it.
Read articleVendor Security Assessment
Added real-world supply chain breach case studies (Ledger, Clop, ESA) to show why supplier security matters.
Read article