Cypac Blog

Happy Friday Last month Microsoft enabled a new feature that allows all Teams users to initiate chats as a guest  with any email address, even if they're not using teams . And get this, it's been quietly enabled by default for everyone, even your company's Microsoft 365 account. So why is this a problem? Because it creates an opportunity for bad guys to smash right into your Microsoft 365 account and disable your defenses by disabling your protection policies. Details on the

A chilling trend in cyber threats is emerging. Attackers are no longer just phishing from the outside. They are slipping into organizations disguised as legitimate employees. According to a report from BleepingComputer, malicious actors are applying for real jobs in tech, often in IT or cybersecurity. They come equipped with fake resumes, synthetic identities, even deepfakes to pass virtual interviews. Once inside, they get privileged access and from there, the door is wide

The FBI issued a warning this week .   Over $262 million has already been reported stolen from over 5,100 complaints  from account takeover fraud schemes this year. But, the actual number is  much higher since most cases don't get reported. The FBI is urging the public to be wary of social engineering techniques being delivered by texts, calls and emails. The bad guys have gotten good at breaking into financial institutions, payroll platforms and health savings accounts, the

While you’re snagging discounts, cybercriminals are waiting to trick you with spoofed sites, phishing messages, and fake confirmations. Amazon warned of a spike in scams: fake messages, impersonation attempts, and bogus checkout pages. Shoppers should also be aware of other common tactics like fake stores, malicious checkout scripts, and counterfeit shopping apps, which continue to circulate during the holiday shopping season. These scams don't just steal money, they can lead

Happy Friday The scammers are at it again, this time targeting local businesses by impersonating Hawaiian Electric Co. and threatening to disconnect service unless “payment” is made. Despicable. How the scam works The scammers are calling local businesses from an (808) number and threatening to disconnect power unless an immediate payment is made. They're targeting high usage commercial customers and a handful have already reportedly paid the scammers thousands in cash,  usin

Imagine you wake up to an email from “ no‑reply@doordash.com " saying you’ve been granted a $20 voucher. Looks legit. But what if that email was sent from  DoorDash’s servers and not a scammer spoofing the address, but a flaw inside the system that let anyone craft that message? That’s exactly the scenario unearthed when security researcher “doublezero7” uncovered a vulnerability at DoorDash’s “for Business” platform, and the aftermath spiraled into a messy disclosure dispute

Happy Friday  The bad guys are at it again. This time, they're spoofing spam filter notifications, something you might already receive daily if your company uses an email filtering service (such as ProofPoint). They'll try to trick you into visiting a phishing website that steals login credentials, instantly giving them access to your email, cloud storage or personal accounts. Here's what these fake emails look like: The Takeaway I know that it looks pretty basic but it's act

You have just booted up your PC clicked Check for updates and … crickets. No new security patches. Suddenly you realize you are running Windows 11 version 23H2 Home or Pro and the clock just stopped for your version. Yup the November 2025 update marked the final monthly security patch  for that release. Microsoft has officially confirmed that starting November 11 2025 Windows 11 version 23H2 for Home and Pro editions will no longer receive monthly security or preview updates.

Happy Friday Have you heard of Shadow AI?  It's a new, serious problem and the elephant in the room nobody wants to talk about. I'm sure that you want your company, your team to use AI to be more productive, right? But like every new technology, it helps helps to have some guidelines everyone at the organization agrees upon before using it for work. This is where Shadow AI creeps in. According to a new study , at least 1 out of 4 employees have been infested  by it. So what i

An executive board role? On LinkedIn? Flattering. But behind that shiny title offer lies. A linkedin scam phishing campaign aimed squarely at finance leaders and it's not sending any bonuses. A campaign discovered by Push Security exploited LinkedIn direct‑messages to target finance executives, pretending to offer elite “Executive Board” roles in a fictional “Common Wealth” investment fund. Here’s how the scam unfolds: The victim receives a LinkedIn message with a link. Click