Never approve login notifications that you did not initiate. Cybercriminals often use fake or repeated prompts to gain unauthorized access to accounts. Take a moment to confirm that the login request matches your actual activity before approving it. If you receive an unexpected login notification, deny the request immediately and secure your account right away. 

Do you have a question? Submit a ticket at [PB-8324] Tech QuickSupport Request. 

Microsoft has disclosed a large-scale phishing campaign that targeted more than 35,000 users across 13,000 organizations in 26 countries between April 14–16, 2026. Around 92% of the victims were based in the U.S., with healthcare, finance, professional services, and technology sectors heavily affected.

The attackers used convincing “code of conduct” themed phishing emails sent through legitimate email delivery services. The messages included PDF attachments and urgent subject lines designed to pressure recipients into clicking malicious links.

Victims were redirected through multiple CAPTCHA checks and fake verification pages before landing on adversary-in-the-middle (AiTM) phishing sites that stole Microsoft credentials and authentication tokens in real time, allowing attackers to bypass multi-factor authentication (MFA).

Microsoft also reported a sharp rise in QR code phishing during Q1 2026, with attacks increasing 146% from January to March. The company...

Think twice before entering company information into AI tools. Sensitive data such as employee records, customer information, and internal documents should never be shared on AI platforms without proper authorization. Unapproved or unsecured AI tools may expose confidential information and increase the risk of data leaks. Even when using company-approved AI applications, always follow company policies and avoid submitting confidential information. Staying cautious helps protect your organization from data leaks and cyber threats. 

Do you have a question? Submit a ticket at [PB-8324] Tech QuickSupport Request. 

We all make cyber mistakes, from clicking suspicious links to reusing passwords or skipping updates. These small errors can lead to data breaches, identity theft, or malware infections. By practicing simple security habits, you can better protect personal and work information.

Informational Tips:
• Reusing passwords: Makes multiple accounts easier to hack.
• Ignoring updates: Outdated software may contain security flaws.
• Clicking suspicious links: Phishing scams often look trustworthy.
• Using public Wi-Fi carelessly: Unsecured networks can expose data.
• Oversharing personal info online: Can lead to scams or identity theft.
• Weak security settings: Not using 2FA/MFA increases account...

Treat work data like cash—handle it carefully, share it only when necessary, and never leave it exposed in unsecured places. Avoid sending files through personal apps or taking screenshots of sensitive information, since these actions bypass security controls and can easily lead to accidental leaks. Always assume that any data you handle could be exposed, and choose the safest, company-approved methods to store and share it.

Do you have a question? Submit a ticket at [PB-8324] Tech QuickSupport Request.

Only log in through official websites or trusted apps to keep your accounts secure. Avoid using links from messages or emails, as they can redirect you to fake login pages. Always double-check the website address to make sure it’s authentic before entering your details. If something feels suspicious, exit immediately and access the service through its official platform instead. 

Do you have a question? Submit a ticket at [PB-8324] Tech QuickSupport Request. 

Regularly review and remove third-party apps connected to your accounts, especially those you no longer use, because they may still have ongoing access to your information. Even if you uninstall an app, its permissions can remain active in the background, potentially exposing your data if the app is compromised or misused. Make it a habit to revoke unnecessary access from your account settings to reduce security risks and keep control over your personal information.

Do you have a question? Submit a ticket at [PB-8324] Tech QuickSupport Request.

Microsoft updated its warning about a serious Windows security flaw called CVE-2026-32202, which affects the Windows Shell and has already been used in real attacks. Although the issue has now been fixed, it could allow attackers to trick users into opening a malicious file and gain access to some private information. Microsoft explained that the flaw involves a failure in protection against spoofing attacks. If exploited, an attacker could view certain sensitive data but would not be able to change it or block access. The company also admitted that some earlier details about the vulnerability, including its severity and exploit status, were incorrect and had to be corrected later.

The flaw was discovered by security researcher Maor Dahan, who said it was caused by an incomplete fix for an earlier vulnerability (CVE-2026-21510), which had been used along with another flaw (CVE-2026-21513) by a hacking group known as APT28. These attacks targeted Ukraine and European Union...

Always access work files only through approved and authorized platforms. Unauthorized tools or storage services can expose sensitive company data to security risks. Follow organizational policies when handling, sharing, or downloading files. Using secure, approved systems helps protect both your data and your organization. 

Do you have a question? Submit a ticket at [PB-8324] Tech QuickSupport Request. 

Mixing personal and work accounts is convenient—but risky. Separating them protects your data, privacy, and security. 

Why It Matters:
• Protect sensitive data – reduces risk of leaks 
• Prevent breaches – one hacked account won’t expose the other 
• Simplify recovery – issues are easier to track and fix 
• Maintain privacy – personal info stays personal 
• Follow policies – helps meet company security rules 

“Mix less, protect more.” 

Do you have a question? Submit a ticket at [PB-8324] Tech QuickSupport Request.