惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Proofpoint News Feed
Attack and Defense Labs
Attack and Defense Labs
Security Archives - TechRepublic
Security Archives - TechRepublic
Engineering at Meta
Engineering at Meta
WordPress大学
WordPress大学
H
Hackread – Cybersecurity News, Data Breaches, AI and More
MyScale Blog
MyScale Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
F
Full Disclosure
云风的 BLOG
云风的 BLOG
爱范儿
爱范儿
V2EX - 技术
V2EX - 技术
B
Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
M
MIT News - Artificial intelligence
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
TaoSecurity Blog
TaoSecurity Blog
T
Threatpost
小众软件
小众软件
T
The Blog of Author Tim Ferriss
Google Online Security Blog
Google Online Security Blog
MongoDB | Blog
MongoDB | Blog
T
Tenable Blog
P
Privacy International News Feed
S
Security @ Cisco Blogs
H
Heimdal Security Blog
大猫的无限游戏
大猫的无限游戏
B
Blog RSS Feed
H
Help Net Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
Cisco Blogs
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Proofpoint News Feed
D
Darknet – Hacking Tools, Hacker News & Cyber Security
有赞技术团队
有赞技术团队
Application and Cybersecurity Blog
Application and Cybersecurity Blog
O
OpenAI News
Security Latest
Security Latest
S
Securelist
Cyberwarzone
Cyberwarzone
D
Docker
S
Schneier on Security
V
Vulnerabilities – Threatpost
The GitHub Blog
The GitHub Blog
P
Privacy & Cybersecurity Law Blog
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research

Cyberwarzone

LinkedIn Sued Over Browser Extension Scanning Why Cyberwarfare Uses Ambiguity and Delayed Attribution as Pressure Why Cyberwarfare Pressures Trusted Access and Account Recovery Paths Why Cyberwarfare Keeps Pressuring Recovery Paths and Fallback Systems Why Cyberwarfare Keeps Pressuring Shared Service Providers Why Cyberwarfare Pressures Industry Clusters Why Cyberwarfare Turns Nearby Economies Into Spillover Zones Why Cyberwarfare Forces Firms to Scan Networks Early Why Cyberwarfare Targets Crisis Messaging Systems Why Cyberwarfare Keeps Pressuring Energy Networks Why Cyberwarfare Keeps Pressuring Communications Networks Why Cyberwarfare Keeps Pressuring Shipping and Logistics Networks Why Cyberwarfare Keeps Pressuring Banks and Financial Networks Why Endpoint Management Systems Are Becoming Cyberwarfare Choke Points Why Cyberwarfare Targets Healthcare and Medical Supply Chains Why Cyberwarfare Increasingly Exploits Trusted Civilian Apps Why Cyberwarfare Hits Civilian Companies First Critical Quest KACE SMA RCE (CVE-2025-32975) Under Attack Handala Rebounds After FBI Seizure, Exposing Iran Cyberwar Resilience Top 10 Cyber Escalation Risks Security Leaders Should Understand Top 10 Questions to Ask Before Calling an Incident Cyberwarfare Top 10 Cyber Deterrence Problems Security Leaders Should Understand Top 10 OT and ICS Risks in Modern Cyberwarfare Top 10 Cyberwarfare Doctrine Ideas Security Leaders Should Understand Top 10 Attribution Problems in State-Linked Cyber Operations Iran Cyberwar: Identity Systems Become the Target Iran Cyberwar Shifts to Spillover, Retaliation, and Control Top 10 Critical Infrastructure Sectors Most Exposed in Cyberwarfare Top 10 Below-Threshold Cyber Operations States Use Top 10 Differences Between Cyberwarfare and Cyber Espionage Top 10 Signs a Cyber Campaign Is Pre-Positioning for Future Conflict Top 10 Signs a CVE Needs Clear Closure Criteria Top 10 Signs a CVE Needs Proof of Remediation Top 10 Signs a CVE Needs a Risk Acceptance Review Top 10 Signs a CVE Needs Asset Owner Escalation Top 10 Signs a CVE Needs a Special Maintenance Window Top 10 Signs a CVE Needs Compensating Controls Before You Can Patch Top 10 Signs a CVE Needs a Staged Patch Rollout Top 10 Signs a CVE Is More Dangerous as Part of an Exploit Chain Top 10 CVE Sources Security Teams Should Check After Reading a CVE Top 10 CVE Fields Security Teams Should Review Before Patching Top 10 CVE Items Security Teams Should Patch First in 2026 Trivy Supply Chain Attack Spreads Infostealer, Worm, and Kubernetes Wiper via Docker Hub Hong Kong Police Can Demand Phone Passwords Under New Security Law North Korean Hackers Deploy StoatWaffle Malware via VS Code Projects FBI Seizes MOIS Leak Sites After Handala Attack Hit Hospitals Baghdad to Ras Laffan: Iran-Linked Strikes Widen the Regional War Lebanon Death Toll Tops 1,000 as Israeli Bombardment Continues Pentagon Seeks $200 Billion for Iran War With No End Date in Sight Trump’s Pearl Harbor Remark Exposes Japan’s Iran War Dilemma Haifa Refinery Hit as Iran Expands Retaliation to Israeli Energy Sites Who Commands Iran Now After Larijani’s Killing? How to Report Remediation Progress to Leadership Which Vulnerability Remediation Metrics Matter Gulf Drug Supply Chains Strain as Hormuz Disruption Spreads LNG Buyers Scramble as Hormuz Disruption Hits Qatari Supply Routes Gulf Importers Reroute Supplies as Hormuz Disruption Spreads How to Run Emergency Change Approval for Security Patches EU Eases Gas Import Rules as Iran Crisis Threatens Hormuz Flows Gulf Producers Turn to Pipelines as Hormuz Shipping Risk Deepens How to Communicate During Emergency Patching Iran Warns Gulf Energy Sites to Evacuate After South Pars Strike Who Owns Vulnerability Remediation? Europe Signals Distance From Trump’s Iran War While Watching Hormuz What to Monitor After Emergency Patching to Catch Incomplete Fixes Gulf States Create Safe Sea Corridor as Hormuz Risk Rises How to Verify a Vulnerability Is Really Remediated EU Sanctions Chinese, Iranian Firms Over Cyberattacks When to Grant a Vulnerability Exception CISA Warns on Microsoft Intune After Stryker Cyberattack How to Validate Vulnerability Exposure Before You Escalate a Patch How to Write a Vulnerability Remediation SLA That Works 5 KEV Lessons That Show How Patch Prioritization Fails How to Build a KEV-Driven Patch Workflow Without Burning Out Your Team Greek Firms Scan Networks as Iran War Raises Cyberattack Risk KEV vs CVSS vs EPSS: Which Signal Should Drive Patch Priority? Top 10 Signs a CVE Needs Emergency Patching Top 10 MDR Tools for 2026: Compare Leading Providers Red Sea Risk Rises as Houthi Shipping Threat Looms Top 10 SOAR Tools for 2026: Compare Leading Platforms Top 10 XDR Tools for 2026: Compare Leading Platforms Hezbollah Readiness Grows as Lebanon Front Heats Up Top 10 EDR Tools for 2026: How to Compare Leading Platforms Top 10 SIEM Tools for 2026: How to Compare the Leading Platforms Airstrikes Target Iran’s Syria Logistics Corridor as Regional Proxy War Expands Drone and Rocket Attacks on U.S. Embassy Mark Sharp Escalation in Baghdad South Pars Gas Field Hit: Iran Warns of Gulf Energy Escalation Service Account Security: How to Control Privilege, Rotation, Ownership, and Trust Paths Incident Response Playbook: How to Triage, Contain, Investigate, and Recover Middle East war disrupts pharma air routes and raises risk of cancer drug shortages in Gulf Cisco Talos links UAT-9244 to TernDoor, PeerTime, and BruteEntry attacks on South American telecoms FortiGate devices exploited to steal service account credentials and breach networks Attack Surface Management: How to Find Exposed Assets, Prioritize Risk, and Reduce Drift CISA adds two actively exploited vulnerabilities to KEV catalog Meta disables 150,000 accounts linked to Southeast Asia scam centers CISA adds five actively exploited vulnerabilities to KEV catalog What Is Zero Trust? A Practical Guide to Identity, Access, and Network Segmentation INTERPOL operation takes down 45,000 malicious IPs and leads to 94 arrests ADNOC loading still halted at Fujairah after drone strike as Iran war disrupts UAE export corridor Apple updates older iPhones and iPads for WebKit flaw exploited in Coruna spyware attacks
Dutch Police Employee Critical of Iranian Regime Shot in Schoonhoven
Reza Rafati · 2026-03-20 · via Cyberwarzone

A 36-year-old Dutch police employee of Iranian descent was seriously injured after being shot in Schoonhoven on Thursday morning, March 19, with Dutch authorities now examining whether his public criticism of the Iranian regime could be relevant to the case. Dutch police said the man was found badly wounded at Pascalplein shortly before 07:00 and was taken to hospital, while Justice Minister David van Weel said all possible scenarios remain under review.

According to Dutch police, the victim works at the Politiedienstencentrum, or Police Service Center, and a large-scale investigation team led by the Public Prosecution Service in The Hague has been deployed to identify the shooter or shooters. Police Chief Janny Knol and Police Service Center director Paul van Musscher said the shooting was a major blow for the victim’s family, his colleagues in the ICT organization of the service center, and the wider police force.

\n\n

Minister says victim had spoken out against Tehran

Justice Minister David van Weel said the victim was known as someone who had spoken out against the Iranian regime. Hart van Nederland, citing ANP, reported that Van Weel said Dutch authorities must take that fact seriously, although he did not say there is already proof of a direct link between Tehran and the shooting.

Reuters reported the same day that the Netherlands is increasing security measures for Iranian dissidents living in the country after the attack. Van Weel said the National Coordinator for Security and Counterterrorism, the Public Prosecution Service, police, and local authorities were on alert and taking necessary security measures because of the victim’s Iranian background.

What is confirmed and what is not

Several facts are confirmed by Dutch police and by statements from Van Weel: the victim is 36 years old, of Iranian descent, employed by the Dutch police service, and was seriously injured in the March 19 shooting in Schoonhoven. It is also confirmed that investigators are treating the case seriously enough to launch a major investigation.

What is not confirmed is motive. Dutch authorities have not publicly identified a suspect, have not said whether a foreign state role is established, and have not publicly described the weapon used or the number of attackers. Reports in Dutch media that the victim had fled Iran years ago or was specifically targeted at home remain secondary reporting unless confirmed by investigators or the victim’s family.

Why the case matters beyond one local shooting

This incident lands at a moment of sharply elevated Dutch and European concern over Iranian-linked intimidation, espionage, and proxy activity. Even before investigators establish motive, the operational response already shows how authorities are reading the threat picture: not as an isolated street crime alone, but as a case with possible national-security implications.

That distinction matters. In Europe, incidents involving exiles, dissidents, diaspora activists, and politically exposed migrants often move across two tracks at once: ordinary criminal investigation and counterintelligence assessment. The first asks who pulled the trigger. The second asks who selected the target, who supplied surveillance, and whether the attack fits an intimidation pattern rather than a private dispute.

The Netherlands has already been tightening its posture around spillover risks linked to the wider Iran crisis. For broader context on the expanding European security picture, see our coverage of Greek firms scanning networks as the Iran war raises cyberattack risk and our analysis of Poland’s foiled cyberattack on its nuclear research centre.

The overlooked lesson: dissident risk is not only digital

One mistake in current Iran-related coverage is to treat cyber operations, physical intimidation, and diaspora targeting as separate stories. They often are not. The same pressure environment can include online surveillance, doxxing, coercive messaging, family pressure inside Iran, and in some cases physical violence abroad. That is why cases like Schoonhoven should be read not only as a crime brief, but as a possible indicator of cross-domain pressure against regime critics.

Cyberwarzone has already tracked the digital side of that escalation in reports such as the Stryker cyberattack claimed by Iran-linked Handala and CISA’s subsequent warning on Microsoft Intune hardening. The Schoonhoven shooting is different in method, but it fits the same broader security environment in which Iran-related tensions are no longer contained to one geography or one operational domain.

What investigators are asking for now

Dutch police have asked for witnesses, camera footage, and any other information tied to events at or around Pascalplein in the hours before the shooting. The appeal specifically covers observations from around 07:00 on Thursday morning and earlier movements that may help reconstruct the attack route, staging, or getaway path.

Until investigators release more, the most accurate framing is narrow and factual: a Dutch police employee of Iranian descent was shot and seriously wounded in Schoonhoven; the victim had publicly criticized the Iranian regime; Dutch authorities have not ruled out any scenario; and security measures for Iranian dissidents in the Netherlands are being increased while the investigation continues.

About the Author

Reza Rafati Avatar

Reza Rafati

Reza Rafati is a cybersecurity specialist and founder of Threat Intelligence Lab, with a focus on cyber threat intelligence, threat hunting, and coordinated takedowns. He publishes practical guidance on ThreatIntelligenceLab and Cyberwarzone, and regularly speaks on topics spanning cybercrime, AI, and warfare.