This Month in Cybersecurity - June Edition

Microsoft 365 to Boost Security by Blocking Legacy Access

Microsoft is making important security changes to Microsoft 365 starting in mid-July 2025. These updates will block outdated login methods—known as legacy authentication protocols—from accessing files in SharePoint, OneDrive, and Office apps. These older systems are more vulnerable to cyberattacks like phishing and brute-force attempts, so blocking them helps protect users' data.

In addition to blocking legacy authentication, Microsoft will also require admin approval before third-party apps can access company files or sites. This means regular users won't be able to grant access on their own, reducing the risk of accidentally exposing sensitive information. These settings will be turned on automatically for all Microsoft 365 customers, with no need for additional licensing.

This change is part of Microsoft’s broader push to improve cloud security, known as the Secure Future Initiative. Other recent efforts include blocking outdated technologies like ActiveX controls in Office apps and introducing new protections in Teams and Outlook. Microsoft says this is just the beginning of more updates aimed at strengthening security across its services.


Russian Hackers Bypass Gmail Security Using New Phishing Tactic

A Russian-linked hacking group has been caught using a sneaky new phishing method that bypasses two-factor authentication by abusing Google’s “app-specific password” (ASP) feature. The attackers, impersonating U.S. State Department officials, spent weeks building trust with targets through convincing email conversations. Once the victim was comfortable, they were tricked into creating and sharing a special password that gave the hackers access to their Gmail accounts—completely sidestepping normal security protections.

The messages were written in flawless English and designed to appear official, likely polished with AI tools to avoid raising suspicion. One target, a British researcher, was deceived after exchanging over 10 emails with a fake diplomat. Google and Citizen Lab called the operation highly sophisticated and difficult to detect. Google has since revoked the stolen passwords and secured affected accounts, urging high-profile users to activate Advanced Protection and review their settings for leftover vulnerabilities.


Veeam Patches Critical Backup Software Flaws Allowing Remote Code Execution

Veeam has issued a critical security update to fix several serious vulnerabilities in its Backup & Replication software. The most severe of these, rated 9.9 out of 10 on the CVSS severity scale, allows an attacker holding a valid domain user account to remotely execute code on a backup server. This flaw, tracked as CVE-2025-23121, was discovered after researchers found a way to bypass a previous fix for a related vulnerability. The issue affects version 12.3.1.1139 and all earlier builds.

Veeam also patched two other flaws. One (CVE-2025-24286), rated 7.2, could let users with special permissions tamper with backup jobs to run harmful code. Another (CVE-2025-24287), rated 6.1, affects Veeam Agent for Windows and could allow local users to change directory contents and run code with elevated privileges. All three vulnerabilities were reported by independent security researchers, and users are strongly urged to update their systems immediately.

Defensible Strategies

Learn from those who have been attacked

North Korean Hackers Use Deepfakes on Zoom to Target Mac Users with Sophisticated Malware

A North Korean hacking group known as BlueNoroff has been caught using deepfake videos of company executives during fake Zoom calls to trick employees into installing malware on their Macs. The group contacted targets via Telegram, pretending to be outside professionals, and sent them fake meeting links that appeared to be for Google Meet but led to attacker-controlled Zoom domains. During these fake meetings, the deepfaked executives would claim there were technical issues and convince the target to download what they said was a Zoom fix—actually a malware installer.

Once installed, the malware executed a series of hidden commands designed to bypass security, download further malicious files, and establish control over the victim’s computer. Researchers found a total of eight different malicious tools, including fake Telegram updaters, remote-access backdoors, surveillance software, and a cryptocurrency-stealing tool targeting over 20 digital wallets. These programs were crafted to avoid detection and maintain long-term access to the infected system.

This attack highlights how advanced cybercriminal tactics are becoming, especially on macOS—a platform often thought to be safer from malware. As more companies use Macs, hackers are now developing highly targeted attacks using realistic social engineering, deepfakes, and sophisticated malware. Experts warn Mac users and organizations not to be complacent and to take proactive steps to secure their systems.


Healthcare Firm Episource Reports Data Breach Exposing Sensitive Patient Information

Episource, a U.S.-based healthcare technology company, experienced a data breach earlier this year when a cybercriminal accessed and copied sensitive information between January 27 and February 6, 2025. The company quickly shut down its systems, launched an investigation with cybersecurity experts, and informed law enforcement. While no misuse of the data has been reported so far, the stolen information may include names, contact details, health insurance information, medical records, and in some cases, Social Security numbers or birth dates.

Episource began notifying affected individuals in April, advising them to stay alert for any suspicious activity involving their medical, financial, or tax records. This incident highlights the growing threat to healthcare organizations, which continue to be major targets for cyberattacks. Around the same time, Yale New Haven Health also reported a breach affecting 5.5 million patients, underscoring the urgent need for stronger cybersecurity in the healthcare industry.

Meta and Yandex Caught Using New Hidden Method to Track Android Users

Researchers have uncovered a sneaky new way that Meta (formerly Facebook) and Russian company Yandex were secretly tracking Android users. They embedded special tracking codes in millions of websites that trick browsers like Chrome into sending unique user information to apps installed on users’ devices. This clever method lets them connect anonymous web activity to specific mobile app users without people knowing.

What makes this especially concerning is that the tracking bypasses important security protections built into Android and browsers. Normally, Android keeps apps separate to prevent them from accessing each other’s data, and browsers isolate website data to keep it private. But this tracking method breaks those rules, allowing Meta and Yandex to gather detailed, persistent information about users across apps and websites. After being caught, both companies stopped using this tracking technique, and Google is now investigating.