Blue Footprint Ltd

17/06/2026

Remote browser isolation is moving into the mainstream to protect employees from web-based threats. By keeping your browser separate from your main system, you can work safely from anywhere. How are you protecting your team's remote work setup?

Keeper Security has announced the release of new Remote Browser Isolation (RBI) capabilities within KeeperPAM, delivering major adoption and usability improveme

16/06/2026

Identity is the new perimeter. Okta is now arguing that AI agents should be treated as unique identities with their own security permissions. As you add more AI tools to your office, how are you tracking who, or what, has access to your data?

Okta and Auth0 deliver flexible, secure access. Build fast with our extensible platforms for customers, workforce, and non-human identities.

15/06/2026

The one Outlook rule you need to set to save yourself from awkward conversations.

It's called "delay delivery." You set it once in classic Outlook, and from that point on every email you send sits in your Outbox for a specific time (that you set) before it leaves.

If you spot a typo, realise you sent the wrong attachment, or wrote something in frustration you wish you hadn't, you have can a standard 2-minute delay to give you enough time to stop it.

Just delete the email from your Outbox before the timer runs out.

To set it up in classic Outlook:

1. Go to File > Manage Rules & Alerts

2. Click "New Rule" and pick "Apply rule on messages I send"

3. Skip past the conditions so it applies to every email

4. Check "defer delivery by a number of minutes" and set it to 2

5. Save the rule

This is better than Outlook's built-in "Recall" feature, because it works every single time.

15/06/2026

A new AI named Claude Mythos has begun autonomously finding zero-day security flaws across major systems. The speed of digital threats is officially moving faster than human patch cycles. Is your business security ready for the era of autonomous attacks?

AI vulnerability discovery is outrunning patch cycles. A cybersecurity coalition explains what Mythos means for defenders and what to do.

12/06/2026

A massive data breach has affected over 13 million accounts at an edtech giant. It is a stark reminder that even trusted educational platforms are targets. When was the last time you changed your passwords or enabled two-factor authentication?

Education publishing giant McGraw-Hill has confirmed a data breach following an extortion attempt, with more than 100GB of stolen data now publicly distributed online, exposing the personal information of approximately 13.5 million users.

12/06/2026

Pay attention to this fake “Microsoft” scam.

If an email asks you to enter a verification code on Microsoft's login page, don't enter the code.

That request is the giveaway for a phishing technique called device code phishing, which has hit over 340 organisations across the US, Canada, and Europe since February.

What makes this attack dangerous is that it bypasses Multi-Factor Authentication entirely, even strong MFA.

The attacker is tricking you into authorising their device into your Microsoft 365 tenant.

You get an email about a shared SharePoint document, a payroll bonus PDF, or a meeting invitation from someone who looks legitimate.

The link sends you to login.microsoftonline.com, which is the real Microsoft login page.

The page asks you to type in a short verification code that was included in the email. You enter it and move on with your day.

But what you did was approve the attacker's device into your Microsoft 365 environment.

They now have a valid access token tied to your account.

They can read your email, download your files, and set up mailbox forwarding rules without ever needing your password again.

A turnkey phishing kit called EvilTokens started selling on Telegram in February 2026, which means even low-skill attackers can run these campaigns at scale.

To shut this attack down inside your business:

▶️ Block device code authentication flow in Entra ID for users who don't need it.

This protocol was designed for devices with lim

12/06/2026

A new phishing campaign is mimicking Google Workspace pages to steal login codes and certificates. Even tech-savvy users can be fooled by these perfect clones. Have you trained your team on how to spot the latest fake login pages?

Attackers are impersonating a Linux Foundation leader and social engineering open source developers via Slack.

11/06/2026

If a website ever tells you to press Windows Key + R, close the tab.

That single instruction is the giveaway for a fast-growing scam called ClickFix, which has been behind a wave of infostealer infections all year.

An infostealer is malware that scrapes every saved password, browser cookie, session token, and stored credit card...

You click a Google result that takes you to a hacked website.

A fake CAPTCHA pops up and tells you to press Windows Key + R, then Ctrl + V, then Enter to verify you're human.

The second you hit Enter, you've installed malware on your own machine.

This attack slips past most security tools because you run the command yourself.

No file was downloaded, so antivirus has nothing to scan.

The browser shows no warning.

From the operating system's perspective, you typed a command into a Windows utility, the same as any admin doing real work.

A few things you can do this week:

▶️ Tell your team that if any website prompts the user to press Win+R or paste something into the Run box, they should close the tab and report it.

▶️ Restrict PowerShell for non-IT staff using AppLocker or Windows Defender Application Control. Most office employees have no work reason to run PowerShell scripts.

▶️ Make sure your endpoint protection is doing behavioural monitoring and not just signature scanning. Microsoft Defender for Endpoint and most modern EDR tools have detection rules specifically for this attack chain.

There's no shame in falling

11/06/2026

Hackers are already exploiting several new Microsoft Defender flaws in the wild. When zero-day attacks become common, rapid response is the only defence. Does your business have an incident response plan for a potential data breach?

The researcher who earlier this month published a PoC exploit for a zero-day LPE vulnerability in Microsoft Defender is back with two more.

10/06/2026

Microsoft just patched 167 security flaws in its latest update. If you haven't restarted your PC today, you are leaving the door wide open for hackers. When was the last time you checked for Windows updates? Don't wait until it is too late.

Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.