IT Threats Log
Plain-English summaries of active threats targeting Florida businesses — what is happening, who is at risk, and what to do next. Updated as new advisories warrant.
This log provides general security awareness — not a substitute for a professional risk assessment. If you are unsure whether your business is protected, contact ITNS for advice.
Active Phishing Campaign Targeting Microsoft 365 Sign-In Pages
Attackers are sending convincing emails that mimic Microsoft password-expiry notices and lead to fake login pages designed to steal credentials and session cookies — giving them access even after you change your password.
Read advisory →Ransomware Groups Increasingly Targeting Small Business Backup Systems
Recent ransomware operations are not just encrypting production servers — they are hunting for backup appliances, NAS devices, and cloud sync folders to destroy recovery options before deploying encryption.
Read advisory →Business Email Compromise (BEC) Wire-Fraud Attempts on the Rise
Fraudsters are impersonating executives and vendors via compromised or spoofed email accounts, pressuring accounts-payable staff to change wire instructions or rush payments before end of day.
Read advisory →Unpatched VPN and Firewall Appliances Exploited in the Wild
Threat actors continue exploiting known vulnerabilities in edge devices — VPN concentrators, firewalls, and remote-access gateways — to gain initial network access without triggering antivirus alerts.
Read advisory →Fake IT Support Phone Calls Targeting Florida Business Staff
Scammers are cold-calling employees claiming to be from Microsoft, your ISP, or your IT provider — then requesting remote-access software installation or login credentials to 'fix a virus.'
Read advisory →Employees Pasting Sensitive Data into Public AI Chat Tools
Staff are using free AI chatbots to draft emails, summarize documents, and analyze spreadsheets — sometimes pasting client names, financials, or PHI without realizing that data may be stored or used for model training.
Read advisory →QR Code Phishing ('Quishing') in Email and Parking Lot Notices
Attackers embed malicious QR codes in emails, PDF invoices, and even physical stickers on parking meters or office doors — bypassing traditional link-scanning because victims scan with personal phones outside corporate security controls.
Read advisory →Credential Stuffing and Password Spray Against Cloud Accounts
Automated bots test stolen username/password pairs from past breaches against Microsoft 365, Google Workspace, and industry SaaS portals — succeeding when employees reuse passwords across personal and work accounts.
Read advisory →Want a threat assessment for your business?
We will review your backups, email security, remote access, and AI usage — and tell you honestly where you stand. No scare tactics, no long-term contracts.
Looking for strategic AI guidance? Read our IT & AI Insights blog →