Commstec

Commstec

Share

13/07/2026

If you've ever spent 5 minutes hunting through Teams trying to find a meeting recording, there's a feature you should be using.

It's called the Meet app, and it's already built into Teams. No Copilot license required.

The Meet app gives you a single dashboard for every meeting you've had or are about to have. Click on any meeting and you get the agenda, recording, transcript, chat, and shared files, all in one place.

To find it:

1. Open Teams

2. Click the three dots on the left navigation bar

3. Search for "Meet"

4. Right-click and pin it so it stays in your sidebar

Once pinned, you'll see two views: upcoming meetings and past meetings. Click any past meeting to see everything tied to it.

Finding what was discussed in last month's leadership review used to take 5 minutes of digging through your calendar, recordings, and SharePoint.

With Meet, it takes 30 seconds.

Adaptavist Group breach: Ransomware crew claims mega-haul 12/07/2026

In April 2026, ransomware hit Adaptavist, an Atlassian platinum partner that builds and supports tools for thousands of business customers.

Adaptavist makes ScriptRunner and similar add-ons that plug into Atlassian products like Jira and Confluence. When attackers got into Adaptavist's systems, every customer connected to those tools was suddenly downstream of a breach they didn't cause.

This is the supply chain attack pattern. Your business doesn't have to be the target. It just has to share a vendor with the target.

Three things worth doing this month:

-Make a one-page list of every SaaS vendor your business depends on. Email, accounting, payroll, CRM, helpdesk, file storage, project management. The list is usually longer than you'd expect.
-For each vendor, find their security and breach notification page online. If you can't find it in five minutes, that's information worth knowing.
-For the top five vendors by data sensitivity, ask three questions in writing: do you have a current SOC 2 Type II report, what's your breach notification SLA, and how do you handle credentials inside your support tooling.

You can't control every vendor's security. Pick the ones that take it seriously.

Adaptavist Group breach: Ransomware crew claims mega-haul : Fake emails already doing the rounds as ransomware crew boasts about what it allegedly stole

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits 09/07/2026

In May 2026, the US government's cybersecurity agency added a top-severity Cisco vulnerability to its "fix this now" list.

The flaw lives in Cisco SD-WAN controllers. These are the devices many businesses use to connect remote offices, branch locations, or remote workers to their main network. The vulnerability scored a 10.0 out of 10 on the standard severity scale, which means an attacker who reaches the device over the internet can take it over completely. Once they're in, they have the keys to the network the device sits on.

CISA's "fix it now" list, formally called the Known Exploited Vulnerabilities catalog, is the list of bugs that hackers are already actively using. Federal agencies have a hard deadline to patch anything on it. Your business should be just as fast.

If you use Cisco SD-WAN, your IT team or MSP should already be on this. If you're not sure, ask them today: "Do we have any Cisco SD-WAN devices anywhere in our network?" The answer is yes, no, or "let me check." Only the third one needs follow-up.

The CISA KEV catalog is free, public, and updated weekly. It's the closest thing to a "what to patch first" list for businesses without a full security team.

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits CISA added CVE-2026-20182, a CVSS 10.0 Cisco Catalyst SD-WAN Controller authentication bypass flaw, to its KEV catalog.

03/07/2026

If an email asks you to download a tool to "view a document," stop and verify before clicking.

A growing attack pattern is tricking employees into installing real IT software on their own machines.

The software is called RMM (Remote Monitoring and Management), and it lets IT companies remotely control computers for support purposes.

Tools like ConnectWise ScreenConnect, Datto RMM, SimpleHelp, N-able, and LogMeIn are all legitimate and digitally signed by reputable vendors.

That's exactly why attackers love them. Antivirus software doesn't flag them as malicious because they aren't malicious. They're just being installed by the wrong person.

In February 2026, Microsoft documented a campaign that hit 29,000 users across 10,000 organizations.

The lure was a fake "IRS Transcript Viewer" email. The download was actually a repackaged ScreenConnect installer.

Once an employee ran it, the attacker had full remote control of their machine.

The same trick is being used with fake Zoom invites, fake Teams calls, and fake DocuSign emails.

A few things you can do:

▶️ Ask your IT provider to maintain an allow-list of approved RMM tools. Anything outside that list gets blocked from installing automatically.

▶️ Train your team that "download this viewer to see your document" is almost always a phishing attempt. Real documents don't require a new program.

▶️ Audit your endpoints for RMM software your IT provider didn't install. If you see something unfamiliar, flag it.

If you're not sure what RMM tools are running on your team's computers right now, that's the first thing to check this week.

Want your business to be the top-listed Computer & Electronics Service in Sheffield?
Click here to claim your Sponsored Listing.

Telephone

Address


Sheffield Business Centre
Sheffield
S91XZ