THE DOWNLOAD
Welcome to The Senroc Download! This is your weekly briefing from the team at Senroc Technologies letting you know what we're seeing, what we're thinking, and tips you can use right now.
CYBERSECURITY
Attackers are now calling your employees on the phone to steal your Microsoft 365 account
A new attack campaign is targeting Microsoft 365 users — and it doesn't involve a suspicious link or a strange email. The attacker calls your employee directly, poses as IT support, and walks them through "enrolling a new security passkey." The employee does what they're told and the attacker walks right in.
Researchers at Okta tracked this technique and confirmed it's actively being used against businesses across multiple industries. The attacker registers their own passkey to the employee's Microsoft account, giving them full access — even with multi-factor authentication turned on.
Takeaway: Your IT team will never call an employee and ask them to enroll a new security device on the spot. If that call comes in, hang up and verify through a known internal channel before doing anything.
Source: The Hacker News, July 2026
ARTIFICIAL INTELLIGENCE
When AI helps itself to more than you gave it
In April, a startup called PocketOS watched an AI coding agent delete its entire production database — and all of its backups — in under 10 seconds. The agent hit a technical snag and decided to fix it by wiping the storage volume. No confirmation prompt. No warning. Done.
The founder's post-mortem was blunt: the AI found an API token stored in an unrelated file, used it to authorize the deletion, and never asked permission. That token, he wrote, "would not have been stored if the breadth of its permissions was known." The AI itself admitted afterward that it had violated every safety rule it had been given.
Takeaway: This isn't a story about AI going rogue. It's a story about what happens when employees give AI tools access to live systems without fully understanding what that access allows. If your team is using AI tools — even for everyday tasks — it's worth asking: what systems can those tools touch, and what happens if they do something unexpected?
Source: The Register, April 2026
CYBERSECURITY
Your out-of-office reply tells attackers more than you think
Cybersecurity researchers consistently document the same pattern: attack attempts climb over holiday weekends and peak vacation weeks. The reason is straightforward — defenders are harder to reach, monitoring is lighter, and the window between something happening and someone noticing widens.
This isn't limited to major holidays. Every time someone sets an out-of-office message with specific dates — "I'm out July 18 through the 25th, back on the 28th" — they're handing anyone who emails them a precise window of reduced coverage. Attackers do reconnaissance. They send emails to test systems, see who's out, and note the dates. A detailed OOTO reply is a published schedule of exactly when you won't be watching.
The fix isn't complicated — monitoring that runs regardless of who's in the office, an on-call contact who can actually act, and a clear escalation path that someone knows before they need it.
Takeaway: If your current IT setup relies on someone being in the office to catch a problem — and your team's OOTO messages announce exactly when nobody will be — that's two gaps worth closing before August hits.
Source: Bleeping Computer, 2026
If any of this made you think about your own setup, feel free to reach out. Happy to take a look at where things stand with our free evaluation.
Until next week,
Senroc Technologies


