ACT Systems

If a website ever tells you to press Windows Key + R, close the tab.

That single instruction is the giveaway for a fast-growing scam called ClickFix, which has been behind a wave of infostealer infections all year.

An infostealer is malware that scrapes every saved password, browser cookie, session token, and stored credit card...

You click a Google result that takes you to a hacked website.

A fake CAPTCHA pops up and tells you to press Windows Key + R, then Ctrl + V, then Enter to verify you're human.

The second you hit Enter, you've installed malware on your own machine.

This attack slips past most security tools because you run the command yourself.

No file was downloaded, so antivirus has nothing to scan.

The browser shows no warning.

From the operating system's perspective, you typed a command into a Windows utility, the same as any admin doing real work.

A few things you can do this week:

▶️ Tell your team that if any website prompts the user to press Win+R or paste something into the Run box, they should close the tab and report it.

▶️ Restrict PowerShell for non-IT staff using AppLocker or Windows Defender Application Control. Most office employees have no work reason to run PowerShell scripts.

▶️ Make sure your endpoint protection is doing behavioral monitoring and not just signature scanning. Microsoft Defender for Endpoint and most modern EDR tools have detection rules specifically for this attack chain.

There's no shame in falling

Pay attention to this fake “Microsoft” scam.

If an email asks you to enter a verification code on Microsoft's login page, don't enter the code.

That request is the giveaway for a phishing technique called device code phishing, which has hit over 340 organizations across the US, Canada, and Europe since February.

What makes this attack dangerous is that it bypasses Multi-Factor Authentication entirely, even strong MFA.

The attacker is tricking you into authorizing their device into your Microsoft 365 tenant.

You get an email about a shared SharePoint document, a payroll bonus PDF, or a meeting invitation from someone who looks legitimate.

The link sends you to login.microsoftonline.com, which is the real Microsoft login page.

The page asks you to type in a short verification code that was included in the email. You enter it and move on with your day.

But what you did was approve the attacker's device into your Microsoft 365 environment.

They now have a valid access token tied to your account.

They can read your email, download your files, and set up mailbox forwarding rules without ever needing your password again.

A turnkey phishing kit called EvilTokens started selling on Telegram in February 2026, which means even low-skill attackers can run these campaigns at scale.

To shut this attack down inside your business:

▶️ Block device code authentication flow in Entra ID for users who don't need it.

This protocol was designed for devices with lim

If you run a business, an employee can easily email your client list to their personal account, whether by accident or on purpose.

Most companies just trust their staff not to do this.

But you need a technical rule that stops sensitive data from leaving your network in the first place.

If you use Microsoft 365, you can use a tool called Microsoft Purview to set up Data Loss Prevention rules.

When you turn this on, the system scans every outgoing email, Teams messages, SharePoint/OneDrive files, endpoint devices, browser activity, and Microsoft 365 Copilot prompts before processing.

If it detects sensitive information like Social Security numbers, credit card details, or specific internal company tags, it physically blocks the email.

You do not have to monitor employees manually.

Late-stage deals often slow down when priorities shift and follow-ups are missed. 🤖

The Sales Close Agent identifies high-value opportunities, suggests next actions, and handles key sales tasks automatically.

Watch how it helps you keep deals moving and close with greater consistency. -dynamics

Introducing the new sales agent for Dynamics 365: Sales Close Agent When deals slow down, revenue gets harder to predict. This video shows how the Sales Close Agent in Dynamics 365 Sales identifies high-value opportunities, suggests next steps, and manages transactional sales tasks. Watch the video to understand how this new M365 agent accelerates deal progression.

Enhancing applications while maintaining innovation goes beyond mere code modifications. 💡

This demo video illustrates how Azure Copilot and GitHub Copilot foster a cohesive, AI-driven experience throughout development and cloud settings. Check it out to learn how AI streamlines the entire modernization process, enabling you to transition from code updates to deployment with increased clarity and efficiency.

-azure

Azure Copilot and GitHub Copilot app modernization Accelerate modernization with a code-to-cloud connected AI experience. The demo video, "Azure Copilot and GitHub Copilot app modernization," showcases how AI assistance streamlines application modernization by connecting development and cloud workflows, reducing friction, and enabling faster deploym...