For years, companies drilled one thing into employees’ heads: don’t trust weird emails. Problem is, attackers adapted. Instead of fighting against people’s skepticism around email, they moved to platforms employees already trust without thinking twice about it. One of the biggest targets right now is Microsoft Teams
A threat group called KongTuke has been using Teams chats to get inside corporate networks, and honestly, it’s working disturbingly well. Instead of blasting out phishing emails, they pose as internal IT staff and message employees directly through Teams. Sometimes they’re operating from already-compromised Microsoft 365 accounts. Other times they create fake accounts designed to look close enough to pass a quick glance. Either way, the attack can go from first contact to compromised system in just a few minutes. [Read more…]
Hackers posing as IT support are targeting employees at large companies to sneak into their Salesforce systems and steal data. They start with a phone call, pretending to help with a routine issue. The real goal? To get the employee to connect to a fake version of Salesforce’s Data Loader tool. Once that happens, the attackers can quietly grab sensitive company data.
Microsoft will continue rolling out security updates for Microsoft 365 apps on Windows 10 until October 2028, extending support three years past the operating system’s planned end-of-life.