LinkedIn Carousel - #CyberWeekly Week 23

Looks Legit

Your real booking details, an exploited firewall, a forgotten phone system: this week the familiar was the way in.

Your real booking details, weaponised for phishing

Platform: we put our full pricing in the open

CCB patch watch: exploited VPN, open phone system

Easy Cyber Protection

1/3

Your booking details became the bait: a hotel data breach turns into euro-draining phishing

Hundreds of Flemish hotel guests were scammed this week after a data breach exposed hotel reservation details across Belgian and Dutch hotels. Criminals used…

What happened: reservation data was stolen and used for targeted phishing. Guests get a WhatsApp or email message demanding payment "within 11 hours or your booking is cancelled," quoting their real name, dates and hotel. A hotel manager on the Belgian coast told Het Laatste Nieuws that some guests lost thousands, depending on the length of their stay
The tell that almost was not there: guests who booked by phone were not targeted. The common thread is the online reservation system the affected hotels share, built by a Ghent software company, which says it has found no evidence its own systems were accessed. Wherever the leak sits, the data was real and the scam worked
Why it lands: the data did not have to leak from a hotel's own systems for that hotel's guests to be robbed. A breach somewhere in the booking supply chain became a hyper-personalised scam. Correct details are not proof of a legitimate message

Security.NL (3 June 2026) → https://www.security.nl/posting/939265/

2/3

Platform Spotlight: we put our full pricing in the open

Most NIS2 compliance tools hide their price behind a "contact sales" button. We just published ours in full: every tier, every per-client bracket, on one…

The whole table is public. Starter through Enterprise, the monthly base for each tier, and the per-client fee by client size. You can compare us against anyone without booking a meeting first
Why we did it. Our promise is that compliance should be easy, and that starts before you sign up. If you have to schedule a call just to learn the price, that is friction we would rather remove
It covers the real cost, not just the sticker. The page walks through total cost of ownership: the licence is rarely the biggest cost, your own internal time is, plus a separate audit fee if you choose to certify

See our pricing in full → https://easycyberprotection.com/learn/compare/nis2-compliance-software-pricing

3/3

CCB patch watch: an actively exploited firewall VPN and a wide-open phone system

The Centre for Cybersecurity Belgium flagged a cluster of critical fixes around 1 June. Two matter most for Belgian small and medium-sized enterprises (SMEs): a Palo Alto VPN flaw already under active attack, and a…

Palo Alto PAN-OS GlobalProtect: CVE-2026-0257 (severity 7.8), actively exploited. An authentication bypass that lets attackers open unauthorised virtual private network (VPN) connections into your internal network. CCB issued a "patch immediately" advisory on 1 June; the United States' CISA set the same day as its fix deadline, and exploitation was traced back to mid-May. Plenty of Belgian SMEs sit behind a Palo Alto firewall their MSP manages. Patch it now
FreePBX control panel: CVE-2026-46376 (severity 9.1). Hard-coded credentials let a remote, unauthenticated attacker into the portal. CCB advisory dated 1 June; fixed in FreePBX 16.0.45 and 17.0.7. Many small Belgian firms run a FreePBX or Asterisk phone system that was installed once and then forgotten, which is a real toll-fraud and eavesdropping risk
Also flagged the same week: critical fixes for the Progress Sitefinity content system (3 June) and multiple Oracle products (29 May). None of this is a one-off; a wave like it lands every single week

Centre for Cybersecurity Belgium advisories → https://ccb.belgium.be/advisories