
#CyberWeekly

Dec 29, 2025 - Jan 4, 2026

Russia hits Poland's power grid — first Sandworm attack on NATO

Poland's power grid targeted by Russia's most notorious hacking unit

December 29-30: Russia's GRU launched a data-wiping attack on Poland's energy infrastructure. ESET researchers now confirm it was Sandworm — the same unit behind Ukraine's 2015 blackout. This marks the first known Sandworm operation targeting a NATO member's critical infrastructure.

The attack deployed a new wiper malware called DynoWiper, designed to destroy data on infected systems. The targets:

  • Two combined heat and power plants — facilities that produce both electricity and heat for local communities
  • Wind and solar management systems — platforms controlling renewable energy distribution
  • Potential impact: 500,000 people could have lost power if the attack succeeded

The timing wasn't random. The attack came ten years, almost to the day, after Sandworm cut power to around 230,000 Ukrainians on 23 December 2015 using the BlackEnergy malware. That was the first confirmed blackout caused by a cyberattack.

For Belgian businesses: this isn't just about Poland. Destructive attacks on critical infrastructure are spreading beyond Ukraine, and when a NATO member's power grid is targeted the message is clear: no one is off limits. If your business depends on energy, transport or utilities, you are in the blast radius. Your incident response plan needs to account for state-sponsored, destructive attacks, not just ransomware: a wiper leaves nothing to negotiate over, so offline backups and a tested restore procedure are the only way back.

ESET's full analysis →

Platform Spotlight: EasyHabits & fresh branding

Morning coffee, phone check, good habits — security starts simple

New year, new tools. We kicked off 2026 with a companion app, a new logo, and smarter defaults.

  • EasyHabits — A new companion app that helps you build better security habits. It runs in your browser, works offline, and includes an AI coach powered by a local language model — your data never leaves your device.
  • New shield logo — Simplified branding with a clean shield icon that works at any size.
  • Smart language detection — The platform now detects your browser language and loads the right translation automatically. No more manual switching.
  • Yearly billing — Simplified pricing with annual plans and clear "why it's free" messaging for the starter tier.
  • Smoother invites — Invited users now skip the onboarding wizard and land directly in their organization.

Small tools, big impact. Building good security habits is half the battle.

Check out EasyHabits →

MongoBleed exploited hours after PoC release

CVE-2025-14847 went from public proof-of-concept to in-the-wild exploitation in a matter of hours, one week after patches shipped. The vulnerability, dubbed "MongoBleed", lets unauthenticated attackers read server memory from MongoDB instances by abusing a flaw in how the server handles zlib-compressed wire-protocol messages.

The timeline tells the story:

  • December 19: MongoDB releases patches
  • December 24: Ox Security publishes technical analysis
  • December 26: PoC exploit code goes public
  • Within hours: Wiz observes active exploitation in the wild

What makes this dangerous: no authentication is required. Whatever happens to be in the server's memory can come back in the leaked bytes, including session tokens, passwords, API keys and database contents, so any Internet-exposed MongoDB instance can be drained without valid credentials.

The exposure is massive. Censys found over 87,000 vulnerable servers globally. Security researcher Kevin Beaumont puts the number above 200,000. Wiz reports that roughly 42% of cloud environments have vulnerable MongoDB instances.

For SMEs: if you're running MongoDB, patch immediately. If you can't patch right now, remove zlib from the server's compressor list (net.compression.compressors in mongod.conf, or --networkMessageCompressors on the command line) and restart; clients fall back to another compressor or to uncompressed traffic. Either way, an instance that was reachable from the Internet while vulnerable should be treated as compromised: rotate the credentials and keys it held, and get it behind a firewall. This is the kind of vulnerability that gets weaponized in mass scanning campaigns; your exposure window is measured in hours, not days.
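To make that workaround checkable rather than assumed, here is an added example (not code from MongoDB, Ox Security or Wiz) that does two things: it audits a mongod.conf for the zlib compressor, and it asks a live server, over a hand-built wire-protocol `hello`, whether it will still negotiate zlib. It assumes the real configuration key net.compression.compressors with mongod's default of "snappy,zstd,zlib" when the key is absent, that the server speaks OP_MSG, and that a `hello` carrying a `compression` offer is answered with the accepted subset, which is how drivers negotiate compression (servers older than 4.4.2 answer `isMaster` the same way). The sample configs and the fake server reply used for testing are constructed, not captured.

```python
"""Added example (not MongoDB's or Ox Security's code): is zlib, the compressor
behind MongoBleed, still switched on?  (1) config audit of mongod.conf: if
net.compression.compressors is absent mongod defaults to "snappy,zstd,zlib",
so "no setting" means zlib ON.  (2) live probe: a hand-built, unauthenticated
OP_MSG `hello` that offers only zlib; a server with zlib disabled answers with
an empty compression list.  The BSON/OP_MSG codec is the minimal subset a hello
exchange needs; sample configs and the fake reply used in tests are constructed."""
import re
import socket
import struct

DEFAULT_COMPRESSORS = "snappy,zstd,zlib"   # mongod default since 4.2
OP_MSG = 2013                              # wire-protocol opcode

def zlib_enabled(config_text):
    """True if this mongod.conf leaves zlib on.  Assumes (as in mongod.conf) that the
    only 'compressors' key is net.compression.compressors, so a line match suffices."""
    m = re.search(r"^\s*compressors\s*:\s*['\"]?([^'\"#\n]*)", config_text, re.M)
    comps = m.group(1).strip() if m else DEFAULT_COMPRESSORS
    return "zlib" in [c.strip() for c in comps.split(",")]

def bson_encode(doc):
    """int32 / str / list / dict only; insertion order is kept (command name must be first)."""
    body = b""
    for k, v in doc.items():
        key = k.encode() + b"\x00"
        if isinstance(v, int):
            body += b"\x10" + key + struct.pack("<i", v)
        elif isinstance(v, str):
            s = v.encode() + b"\x00"
            body += b"\x02" + key + struct.pack("<i", len(s)) + s
        elif isinstance(v, list):              # array = document keyed "0", "1", ...
            body += b"\x04" + key + bson_encode({str(i): x for i, x in enumerate(v)})
        elif isinstance(v, dict):
            body += b"\x03" + key + bson_encode(v)
        else:
            raise TypeError(f"unsupported value type {type(v).__name__}")
    return struct.pack("<i", len(body) + 5) + body + b"\x00"

# fixed-size types seen in hello replies: type -> (length, struct format; None = keep raw bytes)
_FIXED = {0x01: (8, "<d"), 0x07: (12, None), 0x08: (1, "<?"), 0x09: (8, "<q"),
          0x0A: (0, None), 0x10: (4, "<i"), 0x11: (8, None), 0x12: (8, "<q")}

def bson_decode(buf):
    """Decode what a hello reply uses; unknown types raise instead of mis-parsing."""
    size = struct.unpack_from("<i", buf)[0]
    if size > len(buf) or buf[size - 1] != 0:
        raise ValueError("truncated or malformed BSON document")
    pos, doc = 4, {}
    while buf[pos] != 0:
        t, end = buf[pos], buf.index(b"\x00", pos + 1)
        key, pos = buf[pos + 1:end].decode(), end + 1
        if t == 0x02:                          # string: int32 length incl. NUL
            n = struct.unpack_from("<i", buf, pos)[0]
            val, pos = buf[pos + 4:pos + 3 + n].decode(), pos + 4 + n
        elif t in (0x03, 0x04):                # embedded document / array
            n = struct.unpack_from("<i", buf, pos)[0]
            sub, pos = bson_decode(buf[pos:pos + n]), pos + n
            val = list(sub.values()) if t == 0x04 else sub
        elif t == 0x05:                        # binary: int32 length, subtype, bytes
            n = struct.unpack_from("<i", buf, pos)[0]
            val, pos = buf[pos + 5:pos + 5 + n], pos + 5 + n
        elif t in _FIXED:
            n, fmt = _FIXED[t]
            val, pos = (struct.unpack(fmt, buf[pos:pos + n])[0] if fmt else buf[pos:pos + n]), pos + n
        else:
            raise ValueError(f"unsupported BSON type 0x{t:02x}")
        doc[key] = val
    return doc

def op_msg(doc, request_id=1, response_to=0):
    """One BSON document as an OP_MSG: 16-byte header, flagBits=0, kind-0 section."""
    body = b"\x00\x00\x00\x00\x00" + bson_encode(doc)
    return struct.pack("<iiii", 16 + len(body), request_id, response_to, OP_MSG) + body

def build_hello(compressors):
    """hello carrying a compressor offer; the server replies with the subset it will use."""
    return op_msg({"hello": 1, "$db": "admin", "compression": list(compressors)})

def negotiated(reply_msg):
    """Compressors the server accepted in its hello reply; [] means it refused them all."""
    length, _req, _resp, opcode = struct.unpack_from("<iiii", reply_msg)
    if opcode != OP_MSG or reply_msg[20] != 0:
        raise ValueError("expected an OP_MSG reply with a kind-0 body section")
    return list(bson_decode(reply_msg[21:length]).get("compression", []))

def probe(host="127.0.0.1", port=27017, timeout=5.0):
    """Offer only zlib to a live server and return what it accepted."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_hello(["zlib"]))
        f = s.makefile("rb")               # buffered: read(n) waits for the full n bytes
        head = f.read(4)
        return negotiated(head + f.read(int.from_bytes(head, "little") - 4))

if __name__ == "__main__":
    state = "ENABLED (workaround not applied; rely on the patch)" if "zlib" in probe() else "refused (workaround in place)"
    print(f"127.0.0.1:27017 zlib compression {state}")
```

Run it against each MongoDB host you own; `probe(host)` returning `["zlib"]` means the server still negotiates the compressor the bug lives in. A `[]` answer confirms only that the workaround is in place, not that the server is patched, so keep the patch on the schedule regardless.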

Full technical details →

2026 security predictions: what the experts see coming

Industry experts see AI reshaping the threat landscape in 2026

As we roll into 2026, the cybersecurity industry agrees on one thing: AI will dominate both attacks and defenses. Beyond that headline, the predictions get more specific, and more alarming.

Here's what the top security vendors and researchers are warning about:

  • Agentic AI attacks — autonomous AI agents will execute multi-stage operations without human input, turning compromised agents into independent attack vectors
  • Ransomware evolution — AI-driven operations will scan, exploit, and extort with minimal human involvement, focusing on data exploitation over encryption
  • The death of VPNs — traditional VPNs will collapse as identity-based security and zero-trust network access become the primary defense
  • Post-quantum urgency — organizations must accelerate the shift to post-quantum cryptography to defend against "harvest now, decrypt later" strategies
  • AI as insider threat — autonomous AI agents with privileged access will become the new "insiders," requiring AI firewalls to prevent them from becoming vulnerabilities

The most creative prediction comes from Gartner: "Atrophy of critical thinking." They forecast that widespread GenAI usage will cause "a surge of lazy thinking," pushing 50% of organizations to implement "AI-free" skills assessments for hiring by end of 2026.

For Belgian businesses under NIS2: the regulatory pressure is only increasing. But the predictions make clear that compliance alone won't save you. The CyberFundamentals framework gives you a structured approach to closing the gaps before AI-driven attacks find them.

Read the full predictions roundup →


Never miss an issue

Get #CyberWeekly delivered to your inbox every Wednesday.

Or use our RSS feed

Questions or feedback? Contact us — we read every message.

easycyberprotection.com