LinkedIn Carousel - #CyberWeekly Week 4

Europe Rewrites the Rules

EU proposes revised Cybersecurity Act to secure supply chains and simplify NIS2 compliance

Platform: 50 Learn Articles Go Live

LastPass Phishing Targets Master Passwords

Clop's Oracle Zero-Day Hits 100+ Orgs

Easy Cyber Protection

1/4

EU proposes revised Cybersecurity Act to secure supply chains

January 20: The European Commission proposed a sweeping revision of the EU Cybersecurity Act, targeting ICT supply chain security and simplifying compliance for businesses across Europe.

ICT supply chain security framework — a risk-based approach to identify and mitigate vulnerabilities across critical sectors
Mandatory telecom de-risking — European mobile networks must remove high-risk third-country suppliers (building on the 5G security toolbox)
Simplified NIS2 compliance — clearer jurisdictional rules, streamlined ransomware reporting, and a unified incident reporting portal
Voluntary certification — businesses can certify products, services, and security posture through a renewed European Cybersecurity Certification Framework
Stronger ENISA — the EU cybersecurity agency gains coordination powers, will pilot a Cybersecurity Skills Academy, and will help companies recover from ransomware attacks

Full coverage of the revised Act → https://www.helpnetsecurity.com/2026/01/21/eu-cybersecurity-act-revised/

2/4

Platform Spotlight: 50 Learn articles go live

Big week for the platform.

NIS2 deep dives — from what NIS2 is to penalties, deadlines, and a full compliance checklist
CyberFundamentals explained — what it is, assurance levels, controls, and certification
Security basics — phishing, ransomware, passwords, 2FA, backup, and more
Practical guides — risk assessment, employee training, supplier security
Industry-specific — tailored advice for healthcare, manufacturing, retail, and professional services

Explore the Learn section → https://easycyberprotection.com/learn

3/4

LastPass customers targeted by phishing campaign stealing master passwords

January 19: A phishing campaign launched over the US holiday weekend targeted LastPass users with fake maintenance emails, trying to steal their master passwords.

Urgency trap — emails warned of a 24-hour deadline, a classic social engineering tactic
Fake backup link — clicked through an AWS-hosted redirect to a convincing fake login page at "mail-lastpass[.]com"
Holiday timing — launched over a long weekend to exploit reduced security staffing
Second wave — after LastPass disrupted the first infrastructure, attackers sent new emails with updated links and registered additional impersonation domains

LastPass official advisory → https://blog.lastpass.com/posts/january-2026-phishing-campaign-targeting-lastpass-customers-update

4/4

Clop's Oracle zero-day rampage hits 100+ organizations worldwide

The Clop ransomware gang exploited a critical Oracle E-Business Suite zero-day (CVE-2025-61882) to steal data from over 100 organizations — including Dartmouth College, Harvard, The Washington Post, Logitech, and American Airlines subsidiary Envoy Air.

Zero-day, zero blame — the vulnerability was unknown to Oracle when attacks began in August 2025. No employee clicked a bad link, no password was compromised
226GB stolen from Dartmouth alone — Social Security numbers, bank account info, and personal data of 40,000+ people exposed
Extortion without encryption — Clop didn't encrypt anything. They stole data, waited, then threatened to publish unless paid. This "exfiltration-only" model is becoming the norm
$10M bounty — the US Department of State now offers $10 million for information linking Clop's attacks to a foreign government

Full breach analysis → https://www.bleepingcomputer.com/news/security/dartmouth-college-confirms-data-breach-after-clop-extortion-attack/

Read the full issue

4 stories. Context that matters.
Belgian cybersecurity, weekly.

Scan to read online

https://easycyberprotection.com/cyberweekly/2026/week-4

Follow #CyberWeekly

easycyberprotection.com