Protect your inbox from "replayed" invoices

1 big thing: Hackers are abusing trusted brands. Cybercriminals are using a trick called a "DKIM replay attack" to send fake invoices from brands like Apple and PayPal. These emails look real and bypass most security filters.

Why it matters: Because these messages come from trusted domains and pass security checks, your employees are more likely to trust the scam content inside.

How it works:

  • The Setup: Attackers create a real invoice on a site like PayPal but add a scam phone number in the "seller note."

  • The Signature: They send the invoice to themselves first. This gives the email a real digital signature (DKIM) from the vendor.

  • The Replay: They forward that exact, signed email to your staff. Since the signature is valid, your email filter lets it through.

  • The Goal: They want your team to call the fake number and give away credit card details or download malware.

The big picture: A "verified" email doesn't always mean the sender is honest. High-reputation domains can be used to carry malicious messages.

What you can do:

  • Check the "To" line: Often, these replayed emails show the hacker's address in the "To" field instead of the recipient's.

  • Verify before calling: Tell staff never to use a phone number found inside an unexpected invoice. Always go to the official website.

  • Train your team: Remind employees that hackers can hide scam instructions inside real vendor tools.
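A defender-side check for the "To" line tell described above, written here as an added example rather than the newsletter's own code. The sample message, its domains, addresses and DKIM tag values are constructed, and the check assumes the receiving server records the real recipient in a Delivered-To header and the DKIM verdict in Authentication-Results.

```python
import email
from email import policy
from email.utils import getaddresses

# Constructed sample: a genuine-looking vendor invoice replayed to a staff
# mailbox. Domains, addresses and DKIM tag values are made up for illustration.
REPLAYED_INVOICE = """\
Delivered-To: accounts@victim.example
Authentication-Results: mx.victim.example; dkim=pass header.d=vendor.example
DKIM-Signature: v=1; a=rsa-sha256; d=vendor.example; s=sel1;
 h=from:to:subject:date; bh=FAKEBODYHASH=; b=FAKESIGNATURE=
From: Vendor Billing <billing@vendor.example>
To: attacker-mailbox@free-mail.example
Subject: Invoice #12345
Date: Mon, 05 May 2025 09:00:00 +0000

Your invoice is attached. Questions? Call the number in the seller note.
"""
# The same message as the vendor would deliver it directly to the real recipient.
LEGIT_INVOICE = REPLAYED_INVOICE.replace(
    "To: attacker-mailbox@free-mail.example", "To: accounts@victim.example")

def _addresses(msg, header):
    """Lower-cased set of email addresses found in every instance of a header."""
    values = [str(v) for v in msg.get_all(header, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def dkim_tags(msg):
    """Parse the tag=value list of the first DKIM-Signature header into a dict."""
    sig = str(msg.get("DKIM-Signature", ""))
    pairs = (part.strip().split("=", 1) for part in sig.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_replay(raw_message):
    """Return the replay indicators described above for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    tags = dkim_tags(msg)
    signed = {h.strip().lower() for h in tags.get("h", "").split(":") if h.strip()}
    auth = str(msg.get("Authentication-Results", "")).lower()
    delivered, to_addrs = _addresses(msg, "Delivered-To"), _addresses(msg, "To")
    mismatch = bool(delivered) and not (delivered & to_addrs)
    return {
        "signer": tags.get("d", "").lower(),
        "dkim_pass": "dkim=pass" in auth,
        "to_is_signed": "to" in signed,
        "to_mismatch": mismatch,
        # Rewriting a signed To: would break the signature, so a replayed copy
        # still names the mailbox it was first sent to: that is the tell.
        "likely_replay": "dkim=pass" in auth and "to" in signed and mismatch,
    }
```

Run it over messages exported from a suspicious mailbox; a `likely_replay` hit is a reason to verify the invoice on the vendor's official site rather than by the number inside it.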

Chrome 145 stops hackers from stealing your logins

The Big Picture: Google just released Chrome 145. The most important feature for your business is Device Bound Session Credentials (DBSC). This tool stops hackers from using stolen "cookies" to break into your company accounts.

Why It Matters: Hackers are shifting focus. As passwords become harder to steal, "session hijacking" is on the rise.

  • The "Cookie" problem: Normally, once a user logs in, the website gives them a digital token (a cookie). If a hacker steals that token, they can use it on their own computer to pretend to be your employee.

  • The solution: DBSC locks that token to a specific computer. Even if a hacker steals the cookie, it won't work on any other machine.

How It Works:

  1. A secret handshake: When an employee logs in, Chrome creates a unique security key on their computer’s hardware (like the TPM chip on Windows).

  2. Constant checking: The browser periodically proves it still has that key.

  3. No more remote theft: If a hacker tries to use a stolen cookie on their own laptop, they won’t have the secret key. The website will simply block the login.

Yes, but: Browser support is only half of the equation; the web application you are using also has to support Device Bound Session Credentials.

The Bottom Line: This update makes it much harder for malware to hijack your business accounts.

What You Can Do:

  • Update now: Ensure all company devices are running Chrome 145. Expect this feature to arrive in Microsoft Edge (also based on Chromium) soon.

  • Check Windows settings: DBSC works best on Windows computers with a Trusted Platform Module (TPM) chip. Most modern PCs have this.

  • Watch for support: Google Workspace already supports this. Other websites will start using it soon. You don't need to change any settings; Chrome handles the hard work in the background.

Ransomware and data theft are shifting: What you need to know

The big picture: A new report from Arctic Wolf shows that cybercriminals are changing their tactics. They are now moving away from just locking up files. Instead, they are stealing data to blackmail businesses.

By the numbers:

  • 11x growth: Data-only extortion cases jumped from 2% to 22% in one year.

  • 92% of cases: Almost all security incidents involve ransomware, email scams, or data theft.

  • 65% of attacks: Most non-email attacks happen because of stolen remote access, like VPNs or RDP.

  • 85% of scams: Most email attacks still start with phishing, now made harder to spot by AI.

Why it matters: Hackers are looking for the easiest way in. They prefer to "log in" using your own tools rather than "break in" with complex code. Since many businesses have better backups now, hackers use the threat of leaking private data to force a payment.

What you can do:

  • Secure your remote tools. Use strong, unique passwords and multi-factor authentication (MFA) for all VPN and remote desktop access.

  • Patch your software. Most attacks use old security holes. Keep your systems updated to stay safe.

  • Detect early. Identifying a threat before a hacker can lock your files or steal data can save you time and money.

  • Don't pay alone. In cases where companies did pay, professional negotiators reduced the cost by an average of 67%.

The bottom line: Better backups are helping, but they aren't enough. Focus on strong identity security and watching your remote access tools to stop hackers before they steal your data.

Unit 42 Report: Attacks are 4x faster

Cyberattacks are moving faster than ever. A new report from Palo Alto Networks Unit 42 shows that attackers now exfiltrate data in just 72 minutes. This is four times faster than last year.

Why it matters: For small and medium-sized businesses, the "window of response" is closing. You no longer have days to react to a breach. Most successful attacks today happen because of basic security gaps, not high-tech tricks.

The big picture: The 2026 Global Incident Response Report analyzed over 750 major cases. Here are the three main trends:

  • AI is a speed booster. Attackers use AI to find unpatched software in minutes. In some tests, AI helped attackers steal data in only 25 minutes.

  • Identity is the top target. Nearly 90% of breaches involve identity issues. Attackers don't "break in"—they log in using stolen passwords or bypass multi-factor authentication (MFA).

  • Complexity helps the "bad guys." Most attacks (87%) now spread across multiple areas, such as your cloud, email, and office network. If your tools don't talk to each other, you might miss the signs of an attack.

The report found that 99% of cloud users have more permissions than they actually need. This "excessive trust" allows hackers to move through your entire network once they get into a single account.

What you can do: You can stop most of these attacks by focusing on the basics:

  • Tighten identity rules. Use "least privilege" so users only have access to what they need for work.

  • Watch your "front door." Secure your web browsers and monitor for unusual login attempts.

  • Patch fast. Since AI helps hackers find holes quickly, you must update your software even faster. Automatic updates are ideal for client devices.

  • Simplify your tools. Having too many security products can create blind spots. Move toward a unified system that gives you a clear view of your whole network.

If you have any comments or feedback, just respond to this email!

Thanks for reading and stay secure,

Aaron