IT Threats Log
Plain-English summaries of active threats targeting Florida businesses — what is happening, who is at risk, and what to do next. Updated as new advisories warrant.
This log provides general security awareness — not a substitute for a professional risk assessment. If you are unsure whether your business is protected, contact ITNS for advice.
AI-Cloned Executive Voices Used in Live Wire-Fraud Calls
Fraudsters are using AI-generated voice clones of CEOs, owners, and attorneys to call accounts-payable staff and authorize urgent wire transfers. The voices sound convincing on a quick phone call — especially when the caller claims to be traveling or in a meeting.
Read advisory →Attackers Abusing Legitimate Remote-Support Tools to Access Networks
After a phone scam or phishing email, victims are coached to install ScreenConnect, AnyDesk, TeamViewer, or similar tools. Criminals then use that session to deploy ransomware, steal credentials, or browse file shares — often bypassing traditional antivirus because the tool itself is legitimate.
Read advisory →Ivanti and Legacy Remote-Access Gateways Actively Exploited
Threat actors continue targeting Ivanti Connect Secure, Policy Secure, and other remote-access appliances with known vulnerabilities — often before patches are applied. Successful exploitation gives attackers VPN-level access without stealing a single password.
Read advisory →Fake Microsoft Teams Voicemail and Meeting Invites Delivering Malware
Attackers send emails that look like Teams voicemail notifications or external meeting invitations. Links lead to fake Microsoft sign-in pages or prompt users to install malicious 'Teams add-ons' and browser helpers.
Read advisory →SharePoint and OneDrive 'Shared Document' Phishing Surge
Emails claiming a vendor, client, or auditor shared a confidential file via SharePoint or OneDrive link victims to credential-harvesting pages. Because real businesses use these links daily, the lure blends into normal workflow.
Read advisory →Active Phishing Campaign Targeting Microsoft 365 Sign-In Pages
Attackers are sending convincing emails that mimic Microsoft password-expiry notices and lead to fake login pages designed to steal credentials and session cookies — giving them access even after you change your password.
Read advisory →Ransomware Groups Increasingly Targeting Small Business Backup Systems
Recent ransomware operations are not just encrypting production servers — they are hunting for backup appliances, NAS devices, and cloud sync folders to destroy recovery options before deploying encryption.
Read advisory →Business Email Compromise (BEC) Wire-Fraud Attempts on the Rise
Fraudsters are impersonating executives and vendors via compromised or spoofed email accounts, pressuring accounts-payable staff to change wire instructions or rush payments before end of day.
Read advisory →Unpatched VPN and Firewall Appliances Exploited in the Wild
Threat actors continue exploiting known vulnerabilities in edge devices — VPN concentrators, firewalls, and remote-access gateways — to gain initial network access without triggering antivirus alerts.
Read advisory →Fake IT Support Phone Calls Targeting Florida Business Staff
Scammers are cold-calling employees claiming to be from Microsoft, your ISP, or your IT provider — then requesting remote-access software installation or login credentials to 'fix a virus.'
Read advisory →Employees Pasting Sensitive Data into Public AI Chat Tools
Staff are using free AI chatbots to draft emails, summarize documents, and analyze spreadsheets — sometimes pasting client names, financials, or PHI without realizing that data may be stored or used for model training.
Read advisory →QR Code Phishing ('Quishing') in Email and Parking Lot Notices
Attackers embed malicious QR codes in emails, PDF invoices, and even physical stickers on parking meters or office doors — bypassing traditional link-scanning because victims scan with personal phones outside corporate security controls.
Read advisory →Credential Stuffing and Password Spray Against Cloud Accounts
Automated bots test stolen username/password pairs from past breaches against Microsoft 365, Google Workspace, and industry SaaS portals — succeeding when employees reuse passwords across personal and work accounts.
Read advisory →Want a threat assessment for your business?
We will review your backups, email security, remote access, and AI usage — and tell you honestly where you stand. No scare tactics, no long-term contracts.
Looking for strategic AI guidance? Read our IT & AI Insights blog →