® 
DEFION in numbers
Five disciplines.
One partner.
No juggling five vendors for five problems. One team that covers your entire security posture, from advisory to 24/7 monitoring and crisis response.
Independent.
AI-accelerated.
20 years proven.
You get advice without a hidden sales agenda. DEFION doesn't sell products, only protection. That means our recommendations are always in your interest.
From boardroom to server room, 24/7 monitoring and AI-accelerated pentesting. One partner for your entire attack surface: IT, OT, and IoT.
About DEFION →
100+ specialists.
Two offices.
One team.
Zoetermeer and Barcelona. Real people, senior expertise. No offshore support, no call-center triage. When you call DEFION, you reach the engineer who can actually help.
Independent since 2005. Still driven by the people who founded it.
Faster detection.
Less noise.
Better decisions.
You only get alerts that matter. No flood of false positives, no overwhelmed security team. Our technology filters the noise, our experts make the calls.
The result: threats detected in minutes instead of days. And when it counts, there are always people ready who know what to do.
Alert within 4 minutes
No hours or days waiting for an alarm
Only what matters
Your team sees relevant alerts, not thousands
Pentest in 24 hours
First vulnerabilities same day, not after weeks
Experts who decide
No automated guesswork, real human judgment
What we see right now.
Week 19, 2026 · Updated May 8, 2026
Our TI team monitors 40+ sources 24/7. These are the most relevant threats for European organizations.
CVE-2026-6973 Actively Exploited in Ivanti EPMM: Unauthenticated RCE PoC Imminent per NCSC-NL (NCSC-2026-0135)
NCSC-NL confirms CVE-2026-6973 is actively exploited in Ivanti EPMM (CVSS 9.1), with a PoC for unauthenticated RCE (CVE-2026-5788, CVSS 9.8) expected imminently. Organizations running EPMM or MobileIron must patch immediately and check logs for signs of compromise.
May 8, 2026 · Confidence: High
Read more →LockBit 5.0 Resurfaces: German Manufacturing and Logistics Hit as EU Ransomware Wave Reaches 6 Victims in 24 Hours
LockBit 5.0 resurfaces with two German victims as part of a six-victim EU ransomware wave in 24 hours spanning Germany, Spain, and Denmark. Akira threatens to leak 19GB from Hamburg manufacturer Grau GmbH, including German passports. Action: verify endpoint detection and backup integrity in manufacturing and logistics.
May 8, 2026 · Confidence: High
Read more →APT29 (Cozy Bear) Active in 2026: Lab52 Publishes New Intelligence on Russian State Espionage Targeting EU Organizations
Lab52 published new intelligence on APT29 (Midnight Blizzard) state-sponsored espionage campaigns actively targeting EU government, technology, and defense organizations. Active TTPs include phishing, supply chain compromise, and valid account abuse. Action: review phishing controls and supply chain security for government and tech sector clients.
May 8, 2026 · Confidence: High
Read more →We speak your language.
Newsroom
AZ and DEFION Security: Official Supplier for Optimal Data Protection
AZ and DEFION enter into a multi-year strategic partnership as Official Supplier to strengthen the club's digital resilience. DEFION protects the valuable data AZ uses for performance on and off the pitch.
CVE-2026-31431 ("Copy Fail"): Critical Linux Privilege Escalation Vulnerability Explained
CVE-2026-31431 ("Copy Fail") is a Linux kernel vulnerability enabling stealthy privilege escalation to root. Learn about the impact, affected systems, and mitigation steps.
SURF Deployment: DEFION and DTX Secure 75+ Education and Research Institutions
DTX and DEFION begin rolling out MDR services for SURF. More than 75 Dutch universities, polytechnics and vocational colleges receive 24/7 protection against cyberattacks.
Ready to make your
security AI-proof?
Talk to one of our experts. No obligations, no sales pitch: an honest conversation about your situation.