P3C Technologies LLC

06/12/2026

Managed security is evolving to catch phishing sites faster using fine-tuned AI models. As hackers get smarter, your defense systems have to keep up. How often does your team participate in security training to spot the latest online scams?

ImmuniWeb unveiled technical updates, new features and functionalities across all products available on the ImmuniWeb AI Platform.

06/11/2026

Microsoft is overhauling how it tests new Windows features to get feedback faster and reduce bugs in the final versions. A more stable operating system means fewer headaches for you. What is the one Windows feature you wish they would fix first?

Hello Windows Insiders, Today is the day we’re beginning to move to the new Experimental and Beta channels as announced earlier this month

06/10/2026

The latest Windows 11 updates are finally making it easier to manage your account and security settings in one place. Staying secure shouldn't be a chore for business owners. Have you explored the new account dashboard on your work PC yet?

The update, issued on April 14, 2026, delivers the latest security fixes and performance refinements verified in March’s preview and emergency releases.

06/10/2026

Pay attention to this fake “Microsoft” scam.

If an email asks you to enter a verification code on Microsoft's login page, don't enter the code.

That request is the giveaway for a phishing technique called device code phishing, which has hit over 340 organizations across the US, Canada, and Europe since February.

What makes this attack dangerous is that it bypasses Multi-Factor Authentication entirely, even strong MFA.

The attacker is tricking you into authorizing their device into your Microsoft 365 tenant.

You get an email about a shared SharePoint document, a payroll bonus PDF, or a meeting invitation from someone who looks legitimate.

The link sends you to login.microsoftonline.com, which is the real Microsoft login page.

The page asks you to type in a short verification code that was included in the email. You enter it and move on with your day.

But what you did was approve the attacker's device into your Microsoft 365 environment.

They now have a valid access token tied to your account.

They can read your email, download your files, and set up mailbox forwarding rules without ever needing your password again.

A turnkey phishing kit called EvilTokens started selling on Telegram in February 2026, which means even low-skill attackers can run these campaigns at scale.

To shut this attack down inside your business:

▶️ Block device code authentication flow in Entra ID for users who don't need it.

This protocol was designed for devices with limited input, which most office staff don't use. Open Conditional Access and create a policy that blocks device code flow by default.

▶️ Train your team. Microsoft will never email you a verification code to enter on its login page.

If a user gets an email instructing them to enter a code into login.microsoftonline.com, the email is phishing, no matter how legitimate the sender looks.

▶️ Use phishing-resistant MFA where possible, like FIDO2 hardware keys or Windows Hello for Business.

Authenticator app prompts are better than nothing, but they don't protect against this specific technique.

If you don't know how to do these things, let us know and we’ll help you out.

06/09/2026

Apple is preparing to launch four new Mac models later this year. From the M5 chip to potential design overhauls, the hardware race is heating up. Are you holding out for a new release, or is your current setup still getting the job done?

Apple recently launched three new Macs, but there are another four Macs rumored to debut throughout the remainder of the year.

06/08/2026

If a website ever tells you to press Windows Key + R, close the tab.

That single instruction is the giveaway for a fast-growing scam called ClickFix, which has been behind a wave of infostealer infections all year.

An infostealer is malware that scrapes every saved password, browser cookie, session token, and stored credit card...

You click a Google result that takes you to a hacked website.

A fake CAPTCHA pops up and tells you to press Windows Key + R, then Ctrl + V, then Enter to verify you're human.

The second you hit Enter, you've installed malware on your own machine.

This attack slips past most security tools because you run the command yourself.

No file was downloaded, so antivirus has nothing to scan.

The browser shows no warning.

From the operating system's perspective, you typed a command into a Windows utility, the same as any admin doing real work.

A few things you can do this week:

▶️ Tell your team that if any website prompts the user to press Win+R or paste something into the Run box, they should close the tab and report it.

▶️ Restrict PowerShell for non-IT staff using AppLocker or Windows Defender Application Control. Most office employees have no work reason to run PowerShell scripts.

▶️ Make sure your endpoint protection is doing behavioral monitoring and not just signature scanning. Microsoft Defender for Endpoint and most modern EDR tools have detection rules specifically for this attack chain.

There's no shame in falling

05/06/2026

Original email from a client to our ticketing system. The subject line is:

"HELP"

Yes, they obviously need some help with something 😀

Here's the automatically updated subject line - put in place by the Ticket Triage AI Agent we created:

👍 "Storage Full Error Preventing Access to Email and QuickBooks"

Yes, this is a small change that would only take a technician about 30 seconds to do. But if you add that up over the course of one month - hundreds of tickets - that is quite the time savings.

What little tasks are your staff doing in your business hundreds of times each month? Have you asked yourself the question, "can we automate that?" If not - it's time to start. Let us know if you need help on the techie parts of automation. This type of work is the exciting stuff where you can see a real return on investment.

03/06/2026

Welcome to another episode of Tales from the Hacked....real stories about attacks on our clients that we prevented or stopped in their tracks. "A Docusign Account Goes Phishing..." Chuck is a client of ours. He saw a new email - a Docusign stating it was from his colleague Gilbert. Yes, it was a real Docusign account that sent it. What he did not know: attackers opened this Docusign account in Gilbert's name with a domain name that was one letter off the real one Gilbert's company uses (the real domain name ends in "attorneys.com" - the one bought by the attacker ends in "attoneys.com"). This means the attackers spent money to execute this attack. They bought a domain name, email infrastructure, and third party applications (Docusign). This was an attack targeting a small business. You are never too small to be a target. The real kicker? The Docusign form sent Chuck to a man in the middle attack fake form that captured his Microsoft 365 password and 2 factor code, giving the attacker access to Chuck's mailbox. Microsoft published their logs 4 minutes after the login by the attacker, a proactive monitoring IT threat detection and response tool included in our P3C proactive plans locked Chuck's account within 56 seconds of the log being published. The attacker had access to the account for less than 5 minutes - and the attacker did not have time to do anything. This is why it is important to have an IT provider watching your back. Contact us for an audit of your Microsoft 365 environment - even if you have internal or existing IT help - we will run the assessment for you.

02/23/2026

A very clever scam email. After analyzing the message - it looks to us like the attackers took over a Microsoft 365 account at a prominent well known business based in India. They then used this account to send out Microsoft Power Automate flow emails so the email came from a microsoft.com email address. One of our clients received this email and did the right thing - reporting it to us. Can you spot the warning signs in this phishing scam? A big give-away - tell me when Microsoft provides a phone number in their error messages or invoice emails. They don't like phone calls :)

12/12/2025

We often get folks asking about purchasing extra power bricks for their laptops - either as gifts OR just to have something that travels well in the laptop bag. Here are two recommendations that provide a maximum power output of 140watts on a single port (NICE) and will charge most laptops well (disclaimer: if you have a gaming or engineering laptop - let's chat more to get you a specific recommendation).

Option 1 - a 160 watt anker charger
https://amzn.to/4ptwdPM
Get the nicer rated cable to charge your laptop - the cable plugs into your laptop on one end and the power brick on the other:
https://amzn.to/48VSVsT
Option 2 - a little fancier - has a physical display to tell you how much each port is outputting, more ports, and outputs up to 140 watts per USB-C port:
https://amzn.to/3KZgB7F
Get the same higher power rated cable for your laptop:
https://amzn.to/48VSVsT

Want a more specific idea for a techie gift this holiday season? Let us know and we can do a shopping consult with you.

Product Details Model Number: A88E2 Anker Prime USB-C to USB-C Cable (6 ft, 240W, Upcycled-Braided), 100 Years of Unmatched Bend Durability Fast, Reliable, Sustainable: Experience ultra-fast 240W charging with a sustainable cable made from post-consumer recycled nylon, providing quick data transf...