# CyberLearn Updates
Stay up to date with new guides and improvements
2 April 2026
Patch Management
Replaced stale Citrix Bleed (2023) example with Citrix NetScaler CVE-2026-3055 (CVSS 9.3, April 2026): memory overread in SAML IDP configuration leaks authenticated session tokens to unauthenticated attackers. Actively exploited since March 27; added to CISA KEV April 1.
What is NIS2?
Added April 18, 2026 hard deadline: Belgian entities must submit CyFun Basic/Important self-assessment or ISO 27001 SoA to the CCB. Of 2,410+ registered organizations, ~25% are not yet ready. After April 18, CCB can begin enforcement and fines.
Compliance Roadmap
Added April 18, 2026 CCB submission deadline to Phase 1 tip — shifts the timeline from vague "start now" to a concrete legal deadline requiring immediate action.
Email Security
Added DKIM signing key compromise as a new threat vector in tip 3: even emails from trusted official domains can be forged if the sender's DKIM keys are stolen in a breach (e.g. European Commission, March 2026). Always verify unexpected urgent requests by phone.
26 March 2026
Two-Factor Authentication
Added adversary-in-the-middle (AITM) caveat to the "99.9% blocked" stat: Tycoon 2FA (dismantled by Europol, March 2026) proved standard MFA can be bypassed via session-proxy. FIDO2/passkeys highlighted as the only AITM-resistant method.
Phishing
Added Phishing-as-a-Service (PaaS) as a new attack type: Tycoon 2FA ran 96,000 attacks globally including 500 Belgian victims, dismantled by Europol and Microsoft in March 2026.
Social Engineering
Added real-world example of phishing panel real-time victim control via Telegram bot — documented by Belgian ethical hacker Inti De Ceukelaire (March 2026) against Argenta, Belfius, KBC, ING, and CBC.
23 March 2026
CyberFundamentals vs ISO 27001
Clarified that the CCB explicitly accepts ISO/IEC 27001:2022 as a valid NIS2 conformity path (same legal presumption as CyFun), with SoA requirement. Added new FAQ: Microsoft 365, Purview and Secure Score do not cover CyFun compliance.
CyberFundamentals Framework Guide
Updated FAQ: both CyFun and ISO 27001 are accepted by CCB for NIS2 conformity. ISO 27001 requires a Statement of Applicability showing equivalence to the relevant CyFun level.
15 March 2026
NIS2 in Belgium
New article covering Belgian NIS2 law, CCB role, CyberFundamentals framework tiers, registration statistics, and Belgian-specific deadlines.
The NIS2 Directive Explained
New article explaining EU Directive 2022/2555: legal background, NIS1 vs NIS2 comparison, key articles (21, 23, 32-33), and Belgian transposition.
NIS2 Certification
New article comparing CyberFundamentals and ISO 27001 certification paths, tier requirements, audit process, and cost considerations.
NIS2 Audit Preparation
New article on what auditors look for, self-assessment vs external audit, 5-step preparation guide, and MSP audit support angle.
12 March 2026
NIS2 Requirements
Added April 18, 2026 deadline warning — 5 weeks to go. 2,410 entities registered, 70-75% implementing.
Ransomware
Added wiper malware section — Stryker/Handala attack (200K devices wiped via Microsoft Intune, March 2026).
Incident Response
Added MDM/device management tools as attack vector warning with detection signs.
Passwords
Added credential marketplace context — LeakBase takedown (142K users, Europol, March 2026).
Patch Management
Added SQL Server CVE-2026-21262 (CVSS 8.8) and Microsoft Patch Tuesday monitoring guidance.
Access Control
Added management console warning — cloud admin portals as highest-value targets (Stryker MDM example).
5 March 2026
NIS2 Deadlines
Added 75% CyFun framework adoption statistic — validates CyberFundamentals as the dominant compliance path for Belgian NIS2 entities.
26 February 2026
Social Engineering
Added AI voice cloning warning to vishing section, citing WEF Global Cybersecurity Outlook 2026.
NIS2 Supply Chain
Added Qilin ransomware as concrete example of MSP-targeted supply chain attacks.
Cybersecurity for IT Partners
Added warning that MSPs are primary ransomware targets (Qilin) with NIS2 supply chain implications.
Self-Service vs Managed
Added data sovereignty FAQ: where compliance data lives matters — it contains your security blueprint.
Why MSPs Should Offer Compliance
Updated deadline stat from vague "2026" to specific "April 18, 2026" self-assessment deadline.
24 February 2026
NIS2 Supply Chain Compliance
New article explaining how NIS2 reaches organisations not directly regulated — through supply chain obligations in Article 21(2)(d). What your clients will ask and how to prepare.
How to Talk to Your IT Partner About NIS2
Practical conversation guide for SME owners who need to discuss NIS2 readiness with their IT partner. Includes key questions and what answers to expect.
What to Ask Your MSP About Cybersecurity
Evaluation checklist for SMEs working with a managed service provider. Know what to ask about incident response, compliance support, and security monitoring.
NIS2 Readiness: What Your IT Partner Needs to Know
Designed to be forwarded to your IT partner. Covers the compliance framework, timeline, and specific technical capabilities needed to support NIS2 clients.
Why Your MSP Should Offer Compliance Services
For IT partners exploring the compliance opportunity. How NIS2 creates recurring revenue and stronger client relationships through audit-readiness services.
19 February 2026
NIS2 Deadlines Belgium
Updated registration numbers: 2,410 critical-sector organizations registered with CCB (previously ~2,000). 4,000+ across all sectors. Self-assessment deadline now 8 weeks away.
Who Must Comply with NIS2?
Updated Belgian entity registration stat from ~2,000 to 2,410 critical-sector organizations (CCB February 2026 announcement).
13 February 2026
Access Control Guide
New guide on least privilege, role-based access control, and credential hygiene. Practical steps for SMEs to limit who gets in and what they can do.
5 February 2026
NIS2 Deadlines Belgium
Updated with critical April 18, 2026 self-assessment deadline (10 weeks away), new CAB accreditation timeline, and July 2026/April 2027 milestones. ~2,000 entities now registered.
Who Must Comply with NIS2?
Added EU "small mid-cap" category (proposed Jan 2026), updated Belgian entity registration numbers (~2,000), and April 18 self-assessment deadline.
NIS2 for SMEs
Updated with expanding scope through "small mid-cap" category and growing supply chain obligations. Belgium now has ~2,000 registered entities.
NIS2 Compliance Checklist
Added April 18, 2026 self-assessment deadline warning. Essential entities must submit CyFun or ISO 27001 documentation to the CCB.
NIS2 Penalties & Fines
Added new ransomware-specific reporting requirements: attack vector, mitigation measures, and ransom payment disclosure obligations.
CyberFundamentals Certification
Updated: an estimated 70-75% of in-scope entities have started framework implementation. CAB accreditation concluding April 2026.
29 January 2026
AI-Driven Cyber Threats
Learn how hackers use AI to create better phishing emails, clone voices, and automate attacks. Practical tips to defend your business.
Patch Management Guide
Keep your software up-to-date without the headache. A simple 6-step process for SMEs to handle updates and respond to critical vulnerabilities.
What is Ransomware?
Added new section on data exfiltration attacks - the shift from encrypting files to stealing data and threatening to publish it.
Vendor Security Assessment
Added real-world supply chain breach case studies (Ledger, Clop, ESA) to show why supplier security matters.