Updates on Williams Consulting, Inc.

Updates on Williams Consulting, Inc. https://wci-website.pages.dev/updates/ Recent content in Updates on Williams Consulting, Inc. Hugo -- 0.152.2 en-us Tue, 03 Mar 2026 00:00:00 +0000 Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations https://wci-website.pages.dev/updates/fake-tech-support-spam-deploys-havoc-c2/ Tue, 03 Mar 2026 00:00:00 +0000 https://wci-website.pages.dev/updates/fake-tech-support-spam-deploys-havoc-c2/ Attackers flood inboxes with spam, then call victims posing as IT support to deliver the Havoc command-and-control framework via DLL sideloading and social engineering. Vibe-Coded Spam: AI Tools Are Making Phishing Emails Harder to Spot https://wci-website.pages.dev/updates/vibe-coded-spam-ai-phishing-emails/ Wed, 25 Feb 2026 00:00:00 +0000 https://wci-website.pages.dev/updates/vibe-coded-spam-ai-phishing-emails/ AI-assisted “vibe coding” now lets spammers produce polished, visually convincing phishing emails with almost no technical skill — making traditional red flags like poor formatting far less reliable. Starkiller Phishing-as-a-Service Platform Proxies Real Login Pages to Bypass MFA https://wci-website.pages.dev/updates/starkiller-phishing-service-proxies-login-pages-mfa/ Sat, 21 Feb 2026 00:00:00 +0000 https://wci-website.pages.dev/updates/starkiller-phishing-service-proxies-login-pages-mfa/ A new phishing platform called Starkiller loads legitimate login pages through headless browsers, intercepting credentials and session tokens in real time to defeat MFA. ShinyHunters Gang Targets Microsoft Entra Accounts with Device Code Vishing Attacks https://wci-website.pages.dev/updates/shinyhunters-device-code-vishing-microsoft-entra/ Thu, 19 Feb 2026 00:00:00 +0000 https://wci-website.pages.dev/updates/shinyhunters-device-code-vishing-microsoft-entra/ The ShinyHunters extortion gang is combining voice phishing with OAuth device code flows to hijack Microsoft Entra accounts and bypass MFA. CISA Flags Four Actively Exploited Vulnerabilities — Including a Chrome Zero-Day https://wci-website.pages.dev/updates/cisa-kev-four-flaws-february-2026/ Wed, 18 Feb 2026 00:00:00 +0000 https://wci-website.pages.dev/updates/cisa-kev-four-flaws-february-2026/ CISA added four flaws to its Known Exploited Vulnerabilities catalog. A Chrome use-after-free and a critical Zimbra SSRF top the list. Patch now. Citizen Lab: Cellebrite Used to Extract Data from Kenyan Activist's Phone in Police Custody https://wci-website.pages.dev/updates/cellebrite-kenyan-activist-citizen-lab/ Wed, 18 Feb 2026 00:00:00 +0000 https://wci-website.pages.dev/updates/cellebrite-kenyan-activist-citizen-lab/ Citizen Lab found forensic extraction indicators on a seized Samsung phone belonging to a Kenyan pro-democracy activist. The case adds to a growing pattern of surveillance tool misuse. Microsoft Copilot Bug Summarized Confidential Emails Despite DLP Policies https://wci-website.pages.dev/updates/copilot-bug-confidential-emails/ Wed, 18 Feb 2026 00:00:00 +0000 https://wci-website.pages.dev/updates/copilot-bug-confidential-emails/ A code bug let Microsoft 365 Copilot read and summarize emails marked confidential — bypassing sensitivity labels and DLP policies since late January. Bitwarden Adds Free Shared Vaults for Two Users https://wci-website.pages.dev/updates/bitwarden-cupid-vault-password-sharing/ Thu, 12 Feb 2026 00:00:00 +0000 https://wci-website.pages.dev/updates/bitwarden-cupid-vault-password-sharing/ Bitwarden’s new Cupid Vault feature lets free-tier users securely share credentials with one other person — no more texting passwords. Patch Tuesday: February 2026 — Six Zero-Days Already Under Attack https://wci-website.pages.dev/updates/patch-tuesday-february-2026/ Tue, 10 Feb 2026 00:00:00 +0000 https://wci-website.pages.dev/updates/patch-tuesday-february-2026/ Microsoft’s February patch batch fixes 50+ vulnerabilities, including six zero-days actively exploited in the wild. Patch now. AI Makes the Easy Part Easier and the Hard Part Harder https://wci-website.pages.dev/updates/ai-easy-part-easier-hard-part-harder/ Mon, 09 Feb 2026 00:00:00 +0000 https://wci-website.pages.dev/updates/ai-easy-part-easier-hard-part-harder/ A developer’s take on the real tradeoff with AI coding tools: writing code was never the hard part, and skipping it makes the hard parts — reading, reviewing, and understanding — even harder. RFC 3092: The Etymology of Foo https://wci-website.pages.dev/updates/rfc-3092-etymology-of-foo/ Mon, 09 Feb 2026 00:00:00 +0000 https://wci-website.pages.dev/updates/rfc-3092-etymology-of-foo/ An April Fools’ RFC that traces the surprisingly deep history of ‘foo,’ ‘bar,’ and the other placeholder names every programmer uses without thinking. IT Hygiene Is Not Optional — Why SIEM/XDR Matters for Small Firms https://wci-website.pages.dev/updates/it-hygiene-siem-xdr/ Fri, 06 Feb 2026 00:00:00 +0000 https://wci-website.pages.dev/updates/it-hygiene-siem-xdr/ Forgotten accounts, unpatched software, and unauthorized services create real risk. A recent article breaks down how centralized monitoring tools help keep environments clean. Now Publishing Regular Updates https://wci-website.pages.dev/updates/welcome/ Fri, 06 Feb 2026 00:00:00 +0000 https://wci-website.pages.dev/updates/welcome/ We’re starting a regular series of posts covering security news, compliance changes, and lessons from the field.