<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[MSP Minute]]></title><description><![CDATA[A 60 second summary of what's happening in the Managed Service Provider world, emailed every weekday morning. Always free.]]></description><link>https://www.mspminute.com</link><image><url>https://substackcdn.com/image/fetch/$s_!gmWi!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff0c3f22b-6d32-46a6-9881-10316cc6169c_354x354.png</url><title>MSP Minute</title><link>https://www.mspminute.com</link></image><generator>Substack</generator><lastBuildDate>Sun, 19 Jul 2026 08:21:52 GMT</lastBuildDate><atom:link href="https://www.mspminute.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[MSP Minute]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[mspminute@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[mspminute@substack.com]]></itunes:email><itunes:name><![CDATA[MSP Minute]]></itunes:name></itunes:owner><itunes:author><![CDATA[MSP Minute]]></itunes:author><googleplay:owner><![CDATA[mspminute@substack.com]]></googleplay:owner><googleplay:email><![CDATA[mspminute@substack.com]]></googleplay:email><googleplay:author><![CDATA[MSP Minute]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[The MSP Minute ⏱ Friday 12 June 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... Hackers are actively exploiting a SolarWinds flaw... ShinyHunters hit a UK university... and a money-laundering service for ransomware gangs is shut.]]></description><link>https://www.mspminute.com/p/the-msp-minute-friday-12-june-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-friday-12-june-2026</guid><pubDate>Fri, 12 Jun 2026 09:30:39 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!Jjal!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feedf0abe-1c8e-4c4a-af17-8c005e61e271_1402x1122.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; CISA confirms hackers are actively exploiting a SolarWinds Serv-U flaw to crash servers</h2><p>CISA added CVE-2026-28318 to its Known Exploited Vulnerabilities catalog this week, confirming that attackers are actively exploiting a denial-of-service flaw in SolarWinds Serv-U file transfer software. </p><p>An unauthenticated attacker can crash the Serv-U service with a single crafted HTTP request, taking file transfer operations offline and potentially opening the door to further exploitation during the recovery window. Federal agencies have until June 19 to patch. <a href="https://www.bleepingcomputer.com/news/security/cisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers/">BleepingComputer</a></p><p>This is the fifth SolarWinds Serv-U vulnerability to be confirmed as actively exploited since 2021. If you manage Serv-U deployments for any clients, patch today.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; ShinyHunters breached the UK&#8217;s University of Nottingham. 455,000 students' data is now public</h2><p>ShinyHunters has added another UK institution to its list.</p><p>The University of Nottingham confirmed that a hacking group gained access to its student records system in a breach affecting both current students and alumni. The university said the incident exposed a &#8220;significant amount of data&#8221; and that the breach has been reported to the UK&#8217;s Information Commissioner&#8217;s Office. <a href="https://www.bleepingcomputer.com/news/security/nottingham-university-data-breach-affects-over-450-000-students/">BleepingComputer</a></p><p>Have I Been Pwned confirmed the breach affects 455,000 unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers, and information relating to academic enrolments and fee payments.</p><p>This attack is part of a wider campaign in which ShinyHunters has stolen data from over 100 organisations worldwide.</p><p></p><h2>&#128994; The money-laundering service that kept ransomware gangs paid just got shut down</h2><p>Finally, a satisfying one to end the week on.</p><p>Law enforcement has dismantled AudiA6, a cryptocurrency laundering service used by ransomware actors and other cybercriminals to launder more than $380 million. The coordinated takedown was executed on Wednesday, resulting in 2 arrests, 25 domains seized, more than 30 servers taken offline, and over 80 vehicles and multiple properties confiscated. <a href="https://www.bleepingcomputer.com/news/legal/authorities-dismantle-audia6-ransomware-crypto-laundering-service/">BleepingComputer</a></p><p>The service was linked to more than 15 international ransomware investigations. It accepted cybercrime proceeds, obscured their origins through complex transactions, and returned them cleaned within approximately one hour, charging a 3-10% commission. </p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!Jjal!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feedf0abe-1c8e-4c4a-af17-8c005e61e271_1402x1122.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!Jjal!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feedf0abe-1c8e-4c4a-af17-8c005e61e271_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!Jjal!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feedf0abe-1c8e-4c4a-af17-8c005e61e271_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!Jjal!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feedf0abe-1c8e-4c4a-af17-8c005e61e271_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!Jjal!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feedf0abe-1c8e-4c4a-af17-8c005e61e271_1402x1122.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!Jjal!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feedf0abe-1c8e-4c4a-af17-8c005e61e271_1402x1122.png" width="1402" height="1122" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/eedf0abe-1c8e-4c4a-af17-8c005e61e271_1402x1122.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1122,&quot;width&quot;:1402,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2480417,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/201716221?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feedf0abe-1c8e-4c4a-af17-8c005e61e271_1402x1122.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!Jjal!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feedf0abe-1c8e-4c4a-af17-8c005e61e271_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!Jjal!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feedf0abe-1c8e-4c4a-af17-8c005e61e271_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!Jjal!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feedf0abe-1c8e-4c4a-af17-8c005e61e271_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!Jjal!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feedf0abe-1c8e-4c4a-af17-8c005e61e271_1402x1122.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Well, will you look at that? We made it to Friday &#128515; Hope you have a great weekend. We&#8217;ll be back in your inbox on Monday morning.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Thursday 11 June 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... Nightmare Eclipse dropped another Windows zero-day hours after Patch Tuesday... NinjaOne's $12.3 billion valuation... and the World Cup kicks off.]]></description><link>https://www.mspminute.com/p/the-msp-minute-thursday-11-june-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-thursday-11-june-2026</guid><pubDate>Thu, 11 Jun 2026 09:30:52 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!zjo7!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F092456c2-256a-48eb-9342-ef211fe0d050_1122x1402.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; Nightmare Eclipse dropped a seventh Windows zero-day, just hours after the biggest Patch Tuesday in history</h2><p>Microsoft patched 200 vulnerabilities on Tuesday. But by Tuesday afternoon, Nightmare Eclipse had published another one.</p><p>RoguePlanet is a new Microsoft Defender race condition exploit that grants system-level privileges on fully patched Windows 10 and Windows 11 machines. It was confirmed working on systems with all June 2026 Patch Tuesday updates installed. </p><p>ThreatLocker independently reproduced it and shared a video demonstrating it. &#8220;Our initial analysis confirms that the RoguePlanet exploit is viable and performs as described,&#8221; ThreatLocker CEO Danny Jenkins told BleepingComputer. <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/">BleepingComputer</a></p><p>The exploit is a race condition, not guaranteed to succeed on every machine, and it doesn&#8217;t work on Windows Server in its current form. But this is the seventh Windows zero-day dropped by this researcher since April. Their &#8220;bone shattering&#8221; July 14 release remains threatened. </p><p>Microsoft, for its part, previously appeared to threaten legal action against Nightmare Eclipse before walking it back under significant community pressure. <a href="https://www.theregister.com/security/2026/06/10/nightmare-eclipse-publishes-new-windows-defender-zero-day/5253725">The Register</a></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; NinjaOne just went from a $5 billion to a $12.3 billion valuation in 18 months. It&#8217;s now one of the most valuable software companies on the planet</h2><p>NinjaOne announced Tuesday it has raised over $400 million in a Series C extension, bringing its valuation to $12.3 billion. That&#8217;s up from $5 billion in February 2025. <a href="https://www.channeldive.com/news/ninjaone-valuation/822433/">Channel Dive</a></p><p>To put that in context: NinjaOne serves nearly 40,000 customers across 140+ countries, grew nearly 70% year-on-year in 2025, and turned its first profitable quarter earlier this year. </p><p>Co-founders Sal Sferlazza and Chris Matarese remain the largest shareholders. Their message to MSPs was direct: &#8220;The channel is core to everything we do. With this funding, we will continue to prioritise delivering more partner enablement, more field resources, and expanding our investment in developing new and improved products and tools that help our partners grow.&#8221;</p><p></p><h2>&#128994; The World Cup kicks off tonight. Did you send that warning email to clients last week?</h2><p>The 2026 FIFA World Cup opens tonight with Mexico vs USA in Mexico City. It&#8217;s the first match of a tournament that runs across the US, Canada, and Mexico for the next seven weeks.</p><p>We&#8217;ve covered the phishing threat twice. Over 4,300 fraudulent FIFA domains are live. The GHOST STADIUM campaign is running 300+ clones of the official site. And the FBI has issued formal warnings.</p><p>But today the angle is different. The MSPs who sent clients a short, practical warning email last week (verify the URL, buy only from official sources, be careful with sponsored search results) are proactively helping to protect their clients&#8217; employees.</p><p>If you didn&#8217;t send it last week, there&#8217;s still time. The tournament runs until mid-July. <a href="https://www.fifa.com/en/tournaments/mens/worldcup/canadamexicousa2026">FIFA</a></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!zjo7!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F092456c2-256a-48eb-9342-ef211fe0d050_1122x1402.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!zjo7!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F092456c2-256a-48eb-9342-ef211fe0d050_1122x1402.png 424w, https://substackcdn.com/image/fetch/$s_!zjo7!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F092456c2-256a-48eb-9342-ef211fe0d050_1122x1402.png 848w, https://substackcdn.com/image/fetch/$s_!zjo7!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F092456c2-256a-48eb-9342-ef211fe0d050_1122x1402.png 1272w, https://substackcdn.com/image/fetch/$s_!zjo7!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F092456c2-256a-48eb-9342-ef211fe0d050_1122x1402.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!zjo7!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F092456c2-256a-48eb-9342-ef211fe0d050_1122x1402.png" width="1122" height="1402" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/092456c2-256a-48eb-9342-ef211fe0d050_1122x1402.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1402,&quot;width&quot;:1122,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1029576,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/201557702?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F092456c2-256a-48eb-9342-ef211fe0d050_1122x1402.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!zjo7!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F092456c2-256a-48eb-9342-ef211fe0d050_1122x1402.png 424w, https://substackcdn.com/image/fetch/$s_!zjo7!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F092456c2-256a-48eb-9342-ef211fe0d050_1122x1402.png 848w, https://substackcdn.com/image/fetch/$s_!zjo7!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F092456c2-256a-48eb-9342-ef211fe0d050_1122x1402.png 1272w, https://substackcdn.com/image/fetch/$s_!zjo7!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F092456c2-256a-48eb-9342-ef211fe0d050_1122x1402.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Amazing, that&#8217;s Thursday morning done, and we&#8217;ll be back in your inbox for the final time this week tomorrow morning. Have an exceptional day.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Wednesday 10 June 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... it's a big day. Veeam has a critical flaw... the biggest Patch Tuesday in history... and AI found its first real Microsoft vulnerability.]]></description><link>https://www.mspminute.com/p/the-msp-minute-wednesday-10-june</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-wednesday-10-june</guid><pubDate>Wed, 10 Jun 2026 09:31:06 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!8Mko!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F687b62ab-e619-466b-9faf-774fc97a917f_1672x941.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; Veeam just patched a critical flaw that lets any domain user take over your backup server&#8230; that caught the attention of ransomware gangs</h2><p>If you run Veeam Backup &amp; Replication 12.x in a domain-joined environment, patch this today.</p><p>Veeam disclosed CVE-2026-44963 yesterday. It&#8217;s a CVSS 9.4 critical vulnerability allowing any authenticated domain user to execute arbitrary code remotely on the backup server. The bar for exploitation is remarkably low: standard Active Directory credentials, no admin rights required, and no special access needed. Any domain user can trigger it. <a href="https://www.bleepingcomputer.com/news/security/new-veeam-vulnerability-exposes-backup-servers-to-rce-attacks/">BleepingComputer</a></p><p>No active exploitation has been confirmed yet. But Veeam explicitly warns that attackers typically begin developing exploits as soon as patches are disclosed. </p><p>CISA has previously flagged four separate Veeam Backup &amp; Replication vulnerabilities as actively exploited, with ransomware groups including Akira, Fog, Frag, and FIN7 all linked to Veeam attacks. </p><p>The patch is available now. Update to Veeam Backup &amp; Replication version 12.3.2.4854. Note: this vulnerability only affects domain-joined installations. If your Veeam servers are in a workgroup configuration rather than joined to Active Directory, you are not affected by this specific flaw&#8230; but sensible to update anyway, as Veeam patched additional high-severity flaws in the same release.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; Yesterday was the biggest Patch Tuesday in Microsoft history: 200 flaws, three zero-days, and the end of the Nightmare Eclipse saga (for now)</h2><p>June 2026 Patch Tuesday addressed a HUGE 200 vulnerabilities, smashing the previous record of 167 set in October last year. </p><p>33 are rated Critical, 28 of which are remote code execution flaws. The full breakdown is live and updating. <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2026-patch-tuesday-fixes-3-zero-day-200-flaws/">BleepingComputer</a></p><p>The three zero-days are the ones some MSPs have been following: </p><ul><li><p>GreenPlasma, the Windows CTFMON privilege escalation exploit we first covered in May, is patched as CVE-2026-45586</p></li><li><p>YellowKey, the BitLocker bypass that lets anyone with physical access read encrypted drives, is addressed in CVE-2026-50507. </p></li><li><p>And RedSun, the Defender exploit, was quietly patched without a CVE or public advisory</p></li></ul><p>All three stem from Nightmare Eclipse, the anonymous disgruntled researcher who has been dropping unpatched Windows exploits since April. <a href="https://krebsonsecurity.com/2026/06/a-record-breaking-patch-tuesday-for-june-2026/">Krebs on Security</a></p><p>Also in today&#8217;s release: the permanent fix for Exchange Server CVE-2026-42897, the actively exploited cross-site scripting flaw. And the Secure Boot certificate update, the last comfortable window before the June 26 deadline. Windows Server needs manual deployment via Group Policy or WSUS.</p><p><em>Side note: Nightmare Eclipse dropped a fresh exploit within hours of today&#8217;s patches publishing and has promised a &#8220;bone shattering&#8221; release on July 14, exactly when next month&#8217;s Patch Tuesday lands.</em> </p><p></p><h2>&#128994; For the first time ever, Microsoft credited an AI for finding a vulnerability in Patch Tuesday</h2><p>Buried inside yesterday&#8217;s record-breaking release is an AI footnote.</p><p>CVE-2026-49160, a denial-of-service flaw affecting Microsoft IIS web servers, was discovered and reported not by a human security researcher, but by OpenAI&#8217;s Codex AI. </p><p>Microsoft explicitly credited it in the advisory. It&#8217;s the first time a major vendor has publicly acknowledged an AI system as the discoverer of a real-world vulnerability in a Patch Tuesday release. <a href="https://krebsonsecurity.com/2026/06/a-record-breaking-patch-tuesday-for-june-2026/">Krebs on Security</a></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!8Mko!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F687b62ab-e619-466b-9faf-774fc97a917f_1672x941.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!8Mko!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F687b62ab-e619-466b-9faf-774fc97a917f_1672x941.png 424w, https://substackcdn.com/image/fetch/$s_!8Mko!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F687b62ab-e619-466b-9faf-774fc97a917f_1672x941.png 848w, https://substackcdn.com/image/fetch/$s_!8Mko!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F687b62ab-e619-466b-9faf-774fc97a917f_1672x941.png 1272w, https://substackcdn.com/image/fetch/$s_!8Mko!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F687b62ab-e619-466b-9faf-774fc97a917f_1672x941.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!8Mko!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F687b62ab-e619-466b-9faf-774fc97a917f_1672x941.png" width="1456" height="819" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/687b62ab-e619-466b-9faf-774fc97a917f_1672x941.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:819,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1235024,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/201422092?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F687b62ab-e619-466b-9faf-774fc97a917f_1672x941.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!8Mko!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F687b62ab-e619-466b-9faf-774fc97a917f_1672x941.png 424w, https://substackcdn.com/image/fetch/$s_!8Mko!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F687b62ab-e619-466b-9faf-774fc97a917f_1672x941.png 848w, https://substackcdn.com/image/fetch/$s_!8Mko!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F687b62ab-e619-466b-9faf-774fc97a917f_1672x941.png 1272w, https://substackcdn.com/image/fetch/$s_!8Mko!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F687b62ab-e619-466b-9faf-774fc97a917f_1672x941.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p></p><p>Right, that's your update for Hump Day. We said it was a big one, didn't we? We'll be back in your inbox tomorrow morning. Have a good one.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Tuesday 9 June 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... Meta's AI support tool handed 20,000 Instagram accounts to hackers... June Patch Tuesday is live right now... and is AI an excuse to fire people?]]></description><link>https://www.mspminute.com/p/the-msp-minute-tuesday-9-june-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-tuesday-9-june-2026</guid><pubDate>Tue, 09 Jun 2026 09:31:35 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!nYfJ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0c8430a7-cf16-4379-a158-b94d75920f6a_1402x1122.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; Meta's AI support tool had a bug that let attackers steal 20,000 Instagram accounts&#8230; without breaking in</h2><p>This is the story that should make every MSP think carefully about AI-powered support tools.</p><p>Meta&#8217;s High Touch Support system, an AI-assisted tool designed to help users recover locked Instagram accounts, had a flaw that attackers exploited between April and May. </p><p>The system sent password reset links without verifying whether the email address matched the account being recovered. Attackers simply requested resets for accounts they didn&#8217;t own, received the links, and walked straight in. <a href="https://www.bleepingcomputer.com/news/security/meta-ai-support-data-breach-affects-20-000-instagram-accounts/">BleepingComputer</a></p><p>This was a hacker social-engineering an AI system&#8230; finding the gap between what the AI was supposed to check and what it actually checked. As AI tools get deployed across more client environments for support, authentication, and access management, this category of risk is going to grow.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; June Patch Tuesday is live. Check BleepingComputer today for the full breakdown as it drops</h2><p>Updates are dropping from Microsoft this morning. Key things expected in today&#8217;s release:</p><ul><li><p>The permanent fix for Exchange Server CVE-2026-42897, the actively exploited cross-site scripting flaw we flagged last week</p></li><li><p>And the Secure Boot certificate update, which is the last comfortable window before the June 26 deadline. <a href="https://www.helpnetsecurity.com/2026/06/05/june-2026-patch-tuesday-forecast/">Help Net Security</a></p></li></ul><p>Windows Server does not auto-apply the Secure Boot certificate update, it needs manual deployment via Group Policy or WSUS. After June 26, unpatched devices enter a degraded security state.</p><p>BleepingComputer will have the full breakdown live throughout the morning as CVEs are confirmed&#8230; worth keeping an eye on today: <a href="https://www.bleepingcomputer.com/tag/patch-tuesday/">BleepingComputer</a></p><p></p><h2>&#128994; Companies that fired people to make room for AI are finding it isn't working</h2><p>Fresh research published today makes for interesting reading, especially if your clients have been asking whether they should be replacing staff with AI tools.</p><p>Gartner surveyed organisations across multiple sectors on their AI deployment strategies and found a clear pattern: companies that used AI to replace workers outright are not seeing the productivity gains they expected. The ones reporting the strongest returns are the ones using what Gartner calls &#8220;people amplification&#8221;: giving existing staff AI tools that make them faster, better, and more capable, rather than eliminating the humans entirely. <a href="https://www.tomshardware.com/tech-industry/artificial-intelligence/executives-are-cutting-jobs-for-an-ai-future-that-hasnt-fully-arrived-yet-even-as-productivity-gains-remain-difficult-to-prove-data-neither-confirms-nor-refutes-an-ai-unemployment-apocalypse">Tom&#8217;s Hardware</a></p><p>The data is still murky. Gartner is careful to say neither the success nor the failure of AI replacement is conclusively proven yet. But the direction of the early evidence is clear enough: AI as a tool in human hands is outperforming AI as a <em>replacement</em> for human hands.</p><p>Your clients are going to read stories like this and ask what it means for their business. This could be a good opportunity for you to offer AI consulting services.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!nYfJ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0c8430a7-cf16-4379-a158-b94d75920f6a_1402x1122.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!nYfJ!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0c8430a7-cf16-4379-a158-b94d75920f6a_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!nYfJ!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0c8430a7-cf16-4379-a158-b94d75920f6a_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!nYfJ!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0c8430a7-cf16-4379-a158-b94d75920f6a_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!nYfJ!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0c8430a7-cf16-4379-a158-b94d75920f6a_1402x1122.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!nYfJ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0c8430a7-cf16-4379-a158-b94d75920f6a_1402x1122.png" width="1402" height="1122" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/0c8430a7-cf16-4379-a158-b94d75920f6a_1402x1122.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1122,&quot;width&quot;:1402,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1217256,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/201256018?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0c8430a7-cf16-4379-a158-b94d75920f6a_1402x1122.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!nYfJ!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0c8430a7-cf16-4379-a158-b94d75920f6a_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!nYfJ!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0c8430a7-cf16-4379-a158-b94d75920f6a_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!nYfJ!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0c8430a7-cf16-4379-a158-b94d75920f6a_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!nYfJ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0c8430a7-cf16-4379-a158-b94d75920f6a_1402x1122.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Yay, that&#8217;s Tuesday done. We&#8217;ll be back in your inbox tomorrow morning. Have a great day!</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Monday 8 June 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... 4,300 fake FIFA sites... June Patch Tuesday this week and it's a big one... and an IT call out with a bullet proof vest.]]></description><link>https://www.mspminute.com/p/the-msp-minute-monday-8-june-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-monday-8-june-2026</guid><pubDate>Mon, 08 Jun 2026 09:31:23 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!IZXt!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863c2cb5-0686-4815-8b30-b60ad9cd6aa7_1402x1122.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; The World Cup opens Thursday. 4,300 fraudulent FIFA sites are already live and targeting your clients</h2><p>The tournament might not start until Thursday, but the scammers have been ready since August.</p><p>Group-IB has tracked over 4,300 fraudulent FIFA-related domains registered since August 2025. At the centre is a campaign called GHOST STADIUM, a Chinese-speaking criminal operation. It&#8217;s running 300+ pixel-perfect clones of the official FIFA portal, complete with fake single sign-on flows, in 11 languages. The FBI confirmed last week that hundreds of these sites are actively harvesting credentials and payment details from fans buying tickets, merchandise, and streaming packages. <a href="https://thehackernews.com/2026/06/fifa-world-cup-2026-scams-are-already.html">The Hacker News</a></p><p>The attack surface is enormous: FIFA said it received 150 million ticket requests in the first 15 days of sales (30 times oversubscribed) leaving millions of fans anxious, desperate, and clicking fast.</p><p>Your clients&#8217; employees are football fans. Some of them are going to be searching for tickets, streams, and merchandise over the next seven weeks. How about sending a one paragraph warning email this week?</p><ul><li><p>Verify the URL</p></li><li><p>Buy only from official sources</p></li><li><p>Be extra careful when entering card details on a page you reached via a search ad </p></li></ul><p>Have you seen any impact from this? Hit reply and let us know.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; June Patch Tuesday is tomorrow. And it's probably bringing the Exchange Server zero-day fix we've been waiting for</h2><p>Two things to know before tomorrow&#8217;s updates drop.</p><p>First: the Exchange Server zero-day CVE-2026-42897, the actively exploited cross-site scripting flaw, is expected to finally receive its permanent patch on Wednesday (although that hasn&#8217;t yet been confirmed). Microsoft has had a temporary EEMS mitigation in place since disclosure. Apply it across all on-prem Exchange estates as soon as it&#8217;s available. <a href="https://www.helpnetsecurity.com/2026/06/05/june-2026-patch-tuesday-forecast/">Help Net Security</a></p><p>Second: this is the last comfortable Patch Tuesday before the Secure Boot certificate deadline on June 26. Devices that receive the update are covered. Devices that miss it have no further comfortable window before the deadline. After June 26 unpatched devices enter a degraded security state. Windows Server does not auto-update this certificate. It requires manual deployment via Group Policy or WSUS. Check your Server estates today before tomorrow&#8217;s updates drop.</p><p></p><h2>&#128994; The IT support call that ended with tactical vehicles</h2><p>The Register&#8217;s On Call column published last week with one of the best reader submissions in recent memory.</p><p>Solomon was working IT support for a Scottish courts organisation when he got an urgent callout. He arrived to find several police patrol cars. Then more arrived and the radio chatter intensified. Then two tactical vehicles came roaring around the corner. </p><p>There was a lot of shouting. Solomon&#8217;s exact thought at this point: &#8220;I need a bulletproof vest and a fully automatic rifle. I haven&#8217;t been to church for years.&#8221; <a href="https://www.theregister.com/offbeat/2026/06/05/tech-support-chap-hauled-out-to-help-swat-team-saw-his-life-flash-before-his-eyes/5245506">The Register</a></p><p>About 20 minutes later, the officer in charge returned to Solomon and told him he wasn&#8217;t needed. &#8220;No computers here,&#8221; he said, adding the cryptic explanation: &#8220;Things moved faster than expected.&#8221;</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!IZXt!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863c2cb5-0686-4815-8b30-b60ad9cd6aa7_1402x1122.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!IZXt!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863c2cb5-0686-4815-8b30-b60ad9cd6aa7_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!IZXt!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863c2cb5-0686-4815-8b30-b60ad9cd6aa7_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!IZXt!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863c2cb5-0686-4815-8b30-b60ad9cd6aa7_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!IZXt!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863c2cb5-0686-4815-8b30-b60ad9cd6aa7_1402x1122.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!IZXt!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863c2cb5-0686-4815-8b30-b60ad9cd6aa7_1402x1122.png" width="1402" height="1122" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/863c2cb5-0686-4815-8b30-b60ad9cd6aa7_1402x1122.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1122,&quot;width&quot;:1402,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1050976,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/201103855?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863c2cb5-0686-4815-8b30-b60ad9cd6aa7_1402x1122.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!IZXt!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863c2cb5-0686-4815-8b30-b60ad9cd6aa7_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!IZXt!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863c2cb5-0686-4815-8b30-b60ad9cd6aa7_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!IZXt!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863c2cb5-0686-4815-8b30-b60ad9cd6aa7_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!IZXt!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863c2cb5-0686-4815-8b30-b60ad9cd6aa7_1402x1122.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Ok, that&#8217;s Monday done. It&#8217;s gonna be a busy week, we feel. Don&#8217;t you? We&#8217;ll be back in your inbox tomorrow morning.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Friday 5 June 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... Microsoft's email platform went down globally this week... Microsoft's MFA portal also went dark... and a stat to take into the weekend.]]></description><link>https://www.mspminute.com/p/the-msp-minute-friday-5-june-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-friday-5-june-2026</guid><pubDate>Fri, 05 Jun 2026 09:31:16 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!RBNe!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5414cdc5-7f6c-4cc4-8002-2649d558344f_1402x1122.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; Microsoft Exchange Online had a major global outage this week. Are you still seeing problems?</h2><p>If your clients had email delays or failures earlier this week, here&#8217;s what happened.</p><p>Starting Tuesday, Microsoft&#8217;s Exchange Online suffered a serious mail flow failure, tracked as incident EX1331830. It blocked or severely delayed email delivery for enterprise users across North America, Asia-Pacific, and Europe. </p><p>Emails were stuck in transit for anywhere between 30 minutes and six hours. Engineers deployed a mitigation at 02:00 UTC on Wednesday, found it was making things worse, and had to roll it back. <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-outage-causes-email-delays-failures/">BleepingComputer</a></p><p>Microsoft traced the root cause to a subset of mail transport infrastructure that stopped processing messages as expected. Service was gradually restored, but the mail queue backlog meant some messages continued to arrive late well into the following day.</p><p>Did you see any impact from this? Hit reply and let us know.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; Microsoft's MFA registration portal also went down this week&#8230;</h2><p>Slightly different issue. On Monday, Microsoft&#8217;s My Sign-Ins portal (the page where users set up and manage their MFA methods) went down with 504 Gateway Timeout errors. </p><p>Users who needed to register MFA for the first time, reconfigure an existing method, or recover a lost authenticator couldn&#8217;t do any of it. New starters couldn&#8217;t complete onboarding and anyone locked out of their account couldn&#8217;t get back in. <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outage-affecting-mfa-setup-mysignin-service/">BleepingComputer</a></p><p>Microsoft blamed a cache configuration change and restored the service the same day after rolling back to the original infrastructure.</p><p></p><h2>&#128994; Do you believe this stat? 75% of MSPs were breached at least once last year</h2><p>CyberSmart&#8217;s 2026 MSP Survey, based on 350 MSP leaders across the UK and Ireland, published last month with a finding that deserves more attention than it got. <a href="https://cybersmart.co.uk/msp-cybersecurity-report-2026/">CyberSmart</a></p><ul><li><p>Three quarters of MSPs reported at least one breach in the past 12 months</p></li><li><p>54% were breached two or more times</p></li><li><p>Nearly a third experienced three or more incidents</p></li><li><p>And 59% of MSPs believe their clients are more at risk now than they were a year ago.</p></li></ul><p>Of course, we know why attackers are targeting MSPs, because they want to access multiple organisations from one breach.</p><p>The good news in the same report: customer scrutiny of MSP security is stabilising as a baseline expectation. Investing in your own security is good for business in every way.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!RBNe!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5414cdc5-7f6c-4cc4-8002-2649d558344f_1402x1122.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!RBNe!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5414cdc5-7f6c-4cc4-8002-2649d558344f_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!RBNe!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5414cdc5-7f6c-4cc4-8002-2649d558344f_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!RBNe!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5414cdc5-7f6c-4cc4-8002-2649d558344f_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!RBNe!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5414cdc5-7f6c-4cc4-8002-2649d558344f_1402x1122.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!RBNe!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5414cdc5-7f6c-4cc4-8002-2649d558344f_1402x1122.png" width="1402" height="1122" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/5414cdc5-7f6c-4cc4-8002-2649d558344f_1402x1122.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1122,&quot;width&quot;:1402,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1841883,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/200721544?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5414cdc5-7f6c-4cc4-8002-2649d558344f_1402x1122.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!RBNe!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5414cdc5-7f6c-4cc4-8002-2649d558344f_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!RBNe!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5414cdc5-7f6c-4cc4-8002-2649d558344f_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!RBNe!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5414cdc5-7f6c-4cc4-8002-2649d558344f_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!RBNe!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5414cdc5-7f6c-4cc4-8002-2649d558344f_1402x1122.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Right, that&#8217;s this week done. I don&#8217;t know about you, but we&#8217;re exhausted and need a beer tonight and a long sleep this weekend. Have a good one. We&#8217;ll be back in your inbox on Monday morning.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Thursday 4 June 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... someone built an AI-powered malware lab to defeat your security tools... the World Cup scammers are ready... and the Pax8 event opens on Sunday.]]></description><link>https://www.mspminute.com/p/the-msp-minute-thursday-4-june-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-thursday-4-june-2026</guid><pubDate>Thu, 04 Jun 2026 09:31:24 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!A_DQ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff8aa1d69-c5c5-4105-bf7b-572c7b407e34_1402x1122.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; A threat actor used AI to build a malware testing lab&#8230; specifically to defeat the security tools you deploy for clients</h2><p>Sophos published some scary research on Tuesday.</p><p>A threat actor linked to ransomware and data theft operations, built a complete AI-orchestrated malware development and testing framework. Using AI agents including Claude Opus and Cursor, they generated Python shellcode injection scripts, automated Active Directory discovery, and systematically refined EDR evasion techniques across 80+ modules and 70+ bypass methods. </p><p>All of it&#8217;s been tested against dedicated virtual machines running Sophos, CrowdStrike, and Microsoft Defender&#8230; the exact tools MSPs deploy for clients. <a href="https://www.bleepingcomputer.com/news/security/ai-built-ransomware-toolkit-automates-edr-evasion-ad-discovery/">BleepingComputer</a></p><p>The toolkit also includes Cobalt Strike profiles disguising beacon traffic as legitimate web requests, a Telegram bot for command and control, and a Cloudflare Worker concealing backend infrastructure. This is a sophisticated, layered setup that took significant effort to build and is being used operationally. <a href="https://www.helpnetsecurity.com/2026/06/02/ai-agents-edr-evasion-techniques/">Help Net Security</a></p><p>Two things worth understanding. </p><ul><li><p>First: this is AI being used to accelerate attack development, not replace the attacker. The workflow is entirely human-driven. AI just makes it dramatically faster. </p></li><li><p>Second: the specific EDR tools tested were Sophos, CrowdStrike, and Defender. We don&#8217;t yet know how successful the evasion was. Sophos notes the attacker&#8217;s claimed success rate appears to include AI hallucination. But the direction this is going is clear.</p></li></ul><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; The World Cup starts in a week. The scammers have been ready for months</h2><p>The 2026 FIFA World Cup kicks off a week today across the US, Canada, and Mexico. The FBI issued a formal warning last week: hundreds of fake FIFA websites are already live, designed to steal credentials, payment details, and personal information from fans buying tickets, merch, and streaming packages. <a href="https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-fifa-websites-running-world-cup-fraud-schemes/">BleepingComputer</a></p><p>The most sophisticated campaign runs across 300+ domains and includes a pixel-perfect replica of the official FIFA website, complete with a fake single sign-on flow and support in 11 languages. Typosquatted domains include fiffa[.]com, vww-fifa[.]com, and fake employment portals like jobs-fifa[.]com. <a href="https://cybernews.com/cybercrime/fbi-world-cup-fifa-ticket-scam-warning/">Cybernews</a></p><p>The practical angle for MSPs: your clients&#8217; employees are football fans. Some of them will be buying related stuff over the next seven weeks. A short, timely reminder about verifying URLs before entering payment details is worth sending this week&#8230; it&#8217;s the kind of proactive communication that shows you have their back.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!A_DQ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff8aa1d69-c5c5-4105-bf7b-572c7b407e34_1402x1122.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!A_DQ!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff8aa1d69-c5c5-4105-bf7b-572c7b407e34_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!A_DQ!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff8aa1d69-c5c5-4105-bf7b-572c7b407e34_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!A_DQ!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff8aa1d69-c5c5-4105-bf7b-572c7b407e34_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!A_DQ!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff8aa1d69-c5c5-4105-bf7b-572c7b407e34_1402x1122.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!A_DQ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff8aa1d69-c5c5-4105-bf7b-572c7b407e34_1402x1122.png" width="1402" height="1122" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/f8aa1d69-c5c5-4105-bf7b-572c7b407e34_1402x1122.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1122,&quot;width&quot;:1402,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1373854,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/200577726?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff8aa1d69-c5c5-4105-bf7b-572c7b407e34_1402x1122.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!A_DQ!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff8aa1d69-c5c5-4105-bf7b-572c7b407e34_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!A_DQ!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff8aa1d69-c5c5-4105-bf7b-572c7b407e34_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!A_DQ!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff8aa1d69-c5c5-4105-bf7b-572c7b407e34_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!A_DQ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff8aa1d69-c5c5-4105-bf7b-572c7b407e34_1402x1122.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><h2>&#128994; Pax8 Beyond opens this Sunday in Salt Lake City</h2><p>Pax8 Beyond 2026 opens Sunday at the Salt Palace Convention Center in Salt Lake City. Three days of sessions, vendors, and announcements covering Microsoft licensing, AI tools, cybersecurity stack consolidation, and MSP business growth. <a href="https://www.pax8beyond.com/">Pax8 Beyond</a></p><p>If you&#8217;re going,  hit reply to let us know. It&#8217;s worth knowing that announcements from the show floor this weekend could affect Microsoft licensing pricing and AI product availability for MSPs. We&#8217;ll keep an eye on what comes out of it and cover anything significant early next week.</p><p></p><p>Great, that&#8217;s Thursday done. We&#8217;ll be back in your inbox in the morning, for the final time this week. Have a good one.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Wednesday 3 June 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... Dashlane's 2FA got brute-forced and encrypted vaults stolen... an MSP hits 48 acquisitions... and UK small businesses are taking their time with AI]]></description><link>https://www.mspminute.com/p/the-msp-minute-wednesday-3-june-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-wednesday-3-june-2026</guid><pubDate>Wed, 03 Jun 2026 09:31:19 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!XG08!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8626670a-f108-4548-be37-613df6dde46f_1402x1122.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; Attackers brute-forced Dashlane's 2FA and downloaded encrypted vaults. Here's what MSPs need to know</h2><p>If you deploy Dashlane for clients, check your inboxes this morning.</p><p>Between May 31 and June 2, attackers ran a sustained brute-force campaign against Dashlane&#8217;s two-factor authentication, exploiting a fundamental limitation of TOTP codes. </p><p>A six-digit code gives only one million possible combinations per 30 second window. With enough automated attempts, that window is crackable. Dashlane&#8217;s security systems detected the attack and suspended affected accounts. But not before attackers successfully registered unauthorised devices on a small number of accounts and downloaded their encrypted vaults. <a href="https://www.bleepingcomputer.com/news/security/dashlane-password-manager-users-locked-out-by-brute-force-attacks/">BleepingComputer</a></p><p>Fewer than 20 personal plan users had vaults downloaded. Dashlane&#8217;s zero-knowledge architecture means those vaults remain unreadable without each user&#8217;s master password&#8230; so users with strong, unique master passwords are safe. Users with weak or reused master passwords are at risk of offline cracking attempts. Dashlane confirmed no breach of internal systems and says all affected accounts have been unsuspended. The incident status is currently &#8220;monitoring.&#8221; <a href="https://www.theregister.com/security/2026/06/01/password-manager-dashlane-suspends-customer-accounts-amid-brute-force-attacks/5248991">The Register</a></p><p>Two things worth doing today. </p><ul><li><p>First, if any of your clients use Dashlane and received a vault-risk email from Dashlane directly, treat that account as compromised and rotate the master password immediately</p></li><li><p>Second, and more broadly, this incident is a useful reminder that TOTP 2FA is significantly weaker than most people assume. Where possible, push clients toward phishing-resistant authentication: passkeys, hardware security keys, or number-matching MFA rather than six-digit codes.</p></li></ul><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; The 20 MSP just completed its 48th acquisition</h2><p>The 20 MSP announced yesterday it has acquired four more managed service providers, bringing its total acquisition count to 48 since the company began its aggressive roll-up strategy. <a href="https://www.the20msp.com/2026/06/02/the-20-msp-acquisitions/">The 20 MSP</a></p><p>To put that number in perspective: last year, 466 separate MSP businesses were acquired worldwide: one every 19 hours, on average. The total value of those deals was $4.3 billion. And 2026 is on track to beat that.</p><p>The reason is straightforward. There&#8217;s a lot of money sitting in private equity funds that needs to be deployed, and MSPs with recurring revenue, happy clients, and clean books are exactly what those investors are looking for. Businesses that have been around for ten or fifteen years, built by founders who are starting to think about what comes next, are particularly attractive.</p><p></p><h2>&#128994; UK small businesses are taking their time with AI. That's not a problem&#8230; it's your opportunity.</h2><p>MSP Channel Insights published a fresh piece yesterday on UK SMB AI adoption trends&#8230; and the headline finding is &#8220;cautious optimism&#8221;. <a href="https://msp-channel.com/news/72421/cautious-steps-uk-smbs-and-ai-adoption-trends">MSP Channel Insights</a></p><p>Among small businesses with 50-99 employees, 37% have fully embraced AI and almost half are using it selectively for high-impact tasks. But below that, in the 1-49 employee range that makes up the bulk of most MSPs&#8217; client bases, adoption drops sharply. </p><p>The gap between those two groups is almost entirely explained by one thing: access to someone who can help. Larger businesses have internal IT capacity. The smaller ones are luckier&#8230; they have you &#128515;</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!XG08!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8626670a-f108-4548-be37-613df6dde46f_1402x1122.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!XG08!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8626670a-f108-4548-be37-613df6dde46f_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!XG08!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8626670a-f108-4548-be37-613df6dde46f_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!XG08!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8626670a-f108-4548-be37-613df6dde46f_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!XG08!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8626670a-f108-4548-be37-613df6dde46f_1402x1122.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!XG08!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8626670a-f108-4548-be37-613df6dde46f_1402x1122.png" width="1402" height="1122" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/8626670a-f108-4548-be37-613df6dde46f_1402x1122.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1122,&quot;width&quot;:1402,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1062461,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/200409509?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8626670a-f108-4548-be37-613df6dde46f_1402x1122.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!XG08!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8626670a-f108-4548-be37-613df6dde46f_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!XG08!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8626670a-f108-4548-be37-613df6dde46f_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!XG08!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8626670a-f108-4548-be37-613df6dde46f_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!XG08!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8626670a-f108-4548-be37-613df6dde46f_1402x1122.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>That&#8217;s hump day done. We&#8217;ll be back in your inbox tomorrow morning.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Tuesday 2 June 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... a critical Windows flaw is being exploited on domain controllers... Dutch police took down a 17 million device botnet... and see you in Barcelona?]]></description><link>https://www.mspminute.com/p/the-msp-minute-tuesday-2-june-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-tuesday-2-june-2026</guid><pubDate>Tue, 02 Jun 2026 09:30:35 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!qzkV!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F97ff74e6-3b0b-45ae-8272-64c8deff21da_1402x1122.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; A critical Windows Netlogon flaw is being actively exploited&#8230; and it goes straight for domain controllers</h2><p>If you manage Windows Server domain controllers for clients, this needs attention today.</p><p>CVE-2026-41089 is a CVSS 9.8 stack-based buffer overflow in Windows Netlogon, the service that handles authentication across every Windows domain environment. Belgium&#8217;s national cybersecurity authority confirmed active exploitation on Friday. An attacker sends a specially created network request to a domain controller and can execute arbitrary code remotely without authentication. <a href="https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/">BleepingComputer</a></p><p>Security researchers say this flaw is a fast path to forest-wide takeover. Every domain controller, every account, and every client site that shares the same domain.</p><p>Microsoft disclosed the vulnerability on May 12 and originally rated exploitation as &#8220;less likely.&#8221; Active exploitation has now been confirmed. The official fix arrives with June Patch Tuesday on June 10 (eight days away). </p><p>Given what&#8217;s at stake, waiting is not recommended. Acros Security has released micropatches for legacy Windows Server versions (2008 R2, 2012, 2012 R2) for environments that can&#8217;t wait. Watch for unusual Netlogon service crashes, unexpected authentication failures, and anomalous domain trust errors as potential signs of exploitation. <a href="https://www.helpnetsecurity.com/2026/06/01/windows-netlogon-rce-exploited-cve-2026-41089/">Help Net Security</a></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; Dutch police just took a 17 million-device botnet offline&#8230; did some of those devices belong to your clients' employees?</h2><p>The Dutch National Police and NCSC announced last week they had dismantled Asocks, a massive residential proxy botnet running across 17 million compromised consumer devices globally. <a href="https://www.bleepingcomputer.com/news/security/dutch-govt-disrupts-malware-botnet-with-17-million-infected-devices/">BleepingComputer</a></p><p>A residential proxy botnet works by silently enslaving ordinary consumer devices such as home routers, smartphones, IoT equipment. And then routing criminal traffic through them. The result: cyberattacks appear to originate from legitimate residential IP addresses, bypassing IP reputation filters and making detection significantly harder.</p><p></p><h2>&#128994; MSP Global is heading back to Barcelona in October&#8230; and it's taking over a theme park again</h2><p>MSP Global 2026 returns to PortAventura theme park near Barcelona on October 21-22. 3,000+ MSPs and MSSPs will be there, for what the organisers describe as &#8220;the best parties the industry has ever seen.&#8221; </p><p>This year&#8217;s theme is &#8220;Serve Your Ecosystem&#8221;, focused on how MSPs can actively support and strengthen their wider partner and client ecosystems through AI, cybersecurity, compliance, and growth strategies. <a href="https://www.mspglobal.com/">MSP Global</a></p><p>If you subscribe to their newsletter you can get a free registration code, saving &#8364;399 on the standard attendee pass. </p><p>Rollercoasters and business growth. There are worse ways to spend two days.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!qzkV!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F97ff74e6-3b0b-45ae-8272-64c8deff21da_1402x1122.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!qzkV!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F97ff74e6-3b0b-45ae-8272-64c8deff21da_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!qzkV!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F97ff74e6-3b0b-45ae-8272-64c8deff21da_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!qzkV!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F97ff74e6-3b0b-45ae-8272-64c8deff21da_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!qzkV!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F97ff74e6-3b0b-45ae-8272-64c8deff21da_1402x1122.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!qzkV!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F97ff74e6-3b0b-45ae-8272-64c8deff21da_1402x1122.png" width="1402" height="1122" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/97ff74e6-3b0b-45ae-8272-64c8deff21da_1402x1122.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1122,&quot;width&quot;:1402,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1842798,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/200261779?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F97ff74e6-3b0b-45ae-8272-64c8deff21da_1402x1122.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!qzkV!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F97ff74e6-3b0b-45ae-8272-64c8deff21da_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!qzkV!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F97ff74e6-3b0b-45ae-8272-64c8deff21da_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!qzkV!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F97ff74e6-3b0b-45ae-8272-64c8deff21da_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!qzkV!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F97ff74e6-3b0b-45ae-8272-64c8deff21da_1402x1122.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>That&#8217;s your lot for Tuesday. We&#8217;ll be back in your inbox tomorrow morning.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Monday 1 June 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... ShinyHunters just added another 42 million records to their collection... a deadline for this month... and two big MSP events open this week]]></description><link>https://www.mspminute.com/p/the-msp-minute-monday-1-june-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-monday-1-june-2026</guid><pubDate>Mon, 01 Jun 2026 09:31:19 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!az8e!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863dcc08-f5f8-4ce8-b439-21ef6276c42b_1535x1024.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; ShinyHunters breached Charter/Spectrum via one phone call&#8230; and 4.9 million customer records are now leaked</h2><p>A hacking group has accessed 4.9 million customer records with a well used playbook.</p><p>ShinyHunters breached Charter Communications (which operates Spectrum, the second largest cable and broadband provider in the US) by vishing a single employee and compromising their Microsoft Entra SSO account. From there, they pivoted straight into Salesforce and exported customer records. Charter refused to pay and some data is now publicly leaked. <a href="https://www.theregister.com/cyber-crime/2026/05/29/shinyhunters-adds-charter-to-trophy-shelf-after-49m-customer-records-leak/5248281">The Register</a></p><p>This is the same SSO-to-Salesforce attack chain used against ADT, Canvas, Carnival, and 7-Eleven this year. The pattern is now so established and so repeatable that ShinyHunters appear to have industrialised it.</p><p>If any of your clients use Microsoft Entra and Salesforce together, the conversation to have today is about whether an SSO account compromise would give an attacker direct access to their CRM.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; Windows 11 26H1 drops on Friday&#8230; and your clients absolutely should not install it</h2><p>Microsoft confirmed last week that Windows 11 version 26H1 begins rolling out on June 5 (this Friday). Before that notification lands on any client machine, here&#8217;s what you need to know. <a href="https://blogs.windows.com/windows-insider/2026/05/29/announcing-new-builds-for-29-may-2026/">Windows Insider Blog</a></p><p>26H1 is not a standard feature update. It&#8217;s a hardware-optimised release built specifically for new devices launching in 2026 with next-generation silicon&#8230; think Qualcomm Snapdragon X2 Series and similar. It is explicitly not designed for existing devices and will not be offered through Windows Update to standard machines.</p><p>The problem is that any device that accidentally enrolls in 26H1, through Windows Insider settings or manual selection, cannot update to the next annual feature update later this year. Getting back to 25H2 requires a full reinstall.</p><p>For existing client devices, 25H2 and 24H2 remain the recommended versions and will continue receiving monthly security updates as normal. Worth checking that no client machines are enrolled in the Windows Insider Release Preview channel before Friday.</p><p></p><h2>&#128994; Two of the biggest events in the MSP calendar open this week: one in London, one in Salt Lake City</h2><p>Infosecurity Europe opens tomorrow at ExCeL London (June 2-4) with the Channel Zone returning for its second year. Dedicated sessions for MSPs, MSSPs, and resellers covering regulatory pressure, skills shortages, and the expanding attack surface. If you&#8217;re in London this week, it&#8217;s worth a visit. <a href="https://www.computerweekly.com/microscope/news/366641752/InfoSec-The-Channel-Zone-returns">Microscope</a></p><p>Then on Sunday, Pax8 Beyond 2026 opens in Salt Lake City (June 7-9) at the Salt Palace Convention Center. Three days of cybersecurity, AI, and business growth sessions alongside thousands of MSPs and vendors. Past attendees have described it as &#8220;the Super Bowl of user conferences.&#8221; <a href="https://www.pax8beyond.com/">Pax8 Beyond</a></p><p>If you&#8217;re heading to either, enjoy!</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!az8e!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863dcc08-f5f8-4ce8-b439-21ef6276c42b_1535x1024.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!az8e!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863dcc08-f5f8-4ce8-b439-21ef6276c42b_1535x1024.png 424w, https://substackcdn.com/image/fetch/$s_!az8e!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863dcc08-f5f8-4ce8-b439-21ef6276c42b_1535x1024.png 848w, https://substackcdn.com/image/fetch/$s_!az8e!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863dcc08-f5f8-4ce8-b439-21ef6276c42b_1535x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!az8e!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863dcc08-f5f8-4ce8-b439-21ef6276c42b_1535x1024.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!az8e!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863dcc08-f5f8-4ce8-b439-21ef6276c42b_1535x1024.png" width="1456" height="971" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/863dcc08-f5f8-4ce8-b439-21ef6276c42b_1535x1024.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:971,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1268383,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/200089458?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863dcc08-f5f8-4ce8-b439-21ef6276c42b_1535x1024.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!az8e!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863dcc08-f5f8-4ce8-b439-21ef6276c42b_1535x1024.png 424w, https://substackcdn.com/image/fetch/$s_!az8e!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863dcc08-f5f8-4ce8-b439-21ef6276c42b_1535x1024.png 848w, https://substackcdn.com/image/fetch/$s_!az8e!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863dcc08-f5f8-4ce8-b439-21ef6276c42b_1535x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!az8e!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F863dcc08-f5f8-4ce8-b439-21ef6276c42b_1535x1024.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>That&#8217;s your Monday. We&#8217;ll be back in your inbox tomorrow morning.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Friday 29 May 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... $250 phishing kit is defeating Microsoft 365 MFA... a Secure Boot deadline is now less than four weeks away... and the MSP 501 results are almost here]]></description><link>https://www.mspminute.com/p/the-msp-minute-friday-29-may-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-friday-29-may-2026</guid><pubDate>Fri, 29 May 2026 09:31:22 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!FLE7!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb15d158f-f51b-422b-b485-93985c2e6e7c_1402x1122.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; FBI warning about a $250 phishing kit that defeats Microsoft 365 MFA completely</h2><p>Kali365 is a phishing-as-a-service platform sold on Telegram for as little as $250 for 30 days. First seen last month, it&#8217;s already been used in hundreds of confirmed attacks across manufacturing, education, government, financial services, and healthcare. Every single victim was using MFA. <a href="https://www.malwarebytes.com/blog/scams/2026/05/kali365-phishing-kit-bypasses-mfa-and-steals-microsoft-logins">Malwarebytes</a></p><p>The attack doesn&#8217;t steal passwords or intercept MFA codes. Instead it abuses Microsoft&#8217;s legitimate device code login flow&#8230; a real authentication feature designed for devices without keyboards, like smart TVs and printers. </p><p>The victim receives a convincing phishing email, is directed to a genuine Microsoft page, and enters a short device code. That single action hands the attacker a persistent OAuth token tied to the victim&#8217;s account. From that point, the attacker has ongoing access to Outlook, Teams, and OneDrive without ever needing to log in again&#8230; even if the victim changes their password.</p><p>The FBI&#8217;s IC3 published a formal advisory on May 21. The recommended mitigation: restrict or disable device code flow in your Microsoft 365 tenant unless it&#8217;s genuinely needed. For most SMB clients, it isn&#8217;t. Conditional Access policies blocking device code authentication are available in Entra ID. <a href="https://www.ic3.gov/PSA/2026/PSA260521">FBI IC3</a></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; The Secure Boot certificate deadline is now less than four weeks away (and you have to manually update Windows Server)</h2><p>We featured this a few weeks ago when Patch Tuesday first included the certificate update. It&#8217;s worth a reminder today because the deadline hasn&#8217;t moved and many estates still haven&#8217;t applied it properly.</p><p>The original Secure Boot certificates, issued in 2011, expire on June 26. Devices that received the May or June Patch Tuesday updates are covered automatically. Devices that aren&#8217;t patched enter a degraded security state after June 26 and cannot receive future boot-level protections. <a href="https://4sysops.com/archives/update-secure-boot-certificates-on-windows-server-and-vms-before-june-2026/">4sysops</a></p><p>Heads up: Windows Server does not apply this update automatically. Unlike desktop Windows, Server estates require manual deployment of the certificate rollout via Group Policy or WSUS.</p><p></p><h2>&#128994; The MSP 501 results are coming in June (which is coming on Monday)</h2><p>The 2026 MSP 501 application window closed three weeks ago. As you read this, the results are being scored and verified, with winners set to be announced in June via a reveal webcast. All 501 winners will then be celebrated at the MSP 501 Awards Gala at MSP Summit in Orlando on September 30. <a href="https://themspsummit.com/msp-501-awards/">MSP Summit</a></p><p>Now in its 19th year, the MSP 501 is the only industry ranking based on actual financial data (managed services revenue, recurring revenue percentage, year-on-year growth) rather than votes or nominations. If you applied this year, the wait is almost over. Hit reply and let us know, would you? </p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!FLE7!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb15d158f-f51b-422b-b485-93985c2e6e7c_1402x1122.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!FLE7!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb15d158f-f51b-422b-b485-93985c2e6e7c_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!FLE7!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb15d158f-f51b-422b-b485-93985c2e6e7c_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!FLE7!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb15d158f-f51b-422b-b485-93985c2e6e7c_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!FLE7!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb15d158f-f51b-422b-b485-93985c2e6e7c_1402x1122.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!FLE7!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb15d158f-f51b-422b-b485-93985c2e6e7c_1402x1122.png" width="1402" height="1122" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/b15d158f-f51b-422b-b485-93985c2e6e7c_1402x1122.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1122,&quot;width&quot;:1402,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1884090,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/199713642?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb15d158f-f51b-422b-b485-93985c2e6e7c_1402x1122.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!FLE7!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb15d158f-f51b-422b-b485-93985c2e6e7c_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!FLE7!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb15d158f-f51b-422b-b485-93985c2e6e7c_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!FLE7!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb15d158f-f51b-422b-b485-93985c2e6e7c_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!FLE7!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb15d158f-f51b-422b-b485-93985c2e6e7c_1402x1122.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Right, we&#8217;re through another week. We&#8217;ll be back in your inbox on Monday morning when it will be JUNE. The year&#8217;s going so fast &#128577; Have a great weekend.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Thursday 28 May 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... ransomware criminals are physically walking into offices... Microsoft's May patch broke something very specific... and the good guys really won.]]></description><link>https://www.mspminute.com/p/the-msp-minute-thursday-28-may-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-thursday-28-may-2026</guid><pubDate>Thu, 28 May 2026 09:31:34 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!5Nwa!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F44f74ed0-ef5d-46a5-b3ba-b4d412fcc499_1402x1122.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; The FBI&#8217;s warning that ransomware criminals are now physically walking into law firm offices pretending to be IT support</h2><p>This is a scary one.</p><p>The Silent Ransom Group has been targeting US law firms since 2023 using phone-based social engineering. So, calling employees, impersonating IT support, and convincing them to open a remote desktop session. What&#8217;s new is when the phone call doesn&#8217;t work, they now send a person to visit. <a href="https://www.bleepingcomputer.com/news/security/fbi-warns-of-silent-ransom-group-in-person-data-theft-attacks/">BleepingComputer</a></p><p>The FBI issued a Flash Alert on Tuesday, its highest severity designation, confirming active in-person intrusions as of Spring 2026. The operative walks into reception posing as an IT technician, talks their way to a workstation, plugs in a USB drive, copies the data, and leaves. </p><p>Over 100 attacks confirmed. 38 firms have already had their data leaked publicly after refusing to pay. The most high-profile victim is a firm with over $1.5 billion in annual revenue. <a href="https://www.theregister.com/security/2026/05/27/fbi-crooks-enter-legal-offices-and-steal-data-via-usb-drive/5247212">The Register</a></p><p>Time to disable your clients&#8217; exposed USB ports on workstations in reception areas or open-plan offices??</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; Microsoft's May patch broke domain controller lookups&#8230; but only if your server hostname is exactly 15 characters long</h2><p>This is the most comically specific Windows bug in recent memory.</p><p>Microsoft confirmed on May 26 that KB5087537, part of this month&#8217;s Patch Tuesday, causes domain controller lookup failures on Windows Server 2016 systems&#8230; but only where the server hostname is exactly 15 characters long. <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-domain-controller-lookup-may-fail-on-windows-server-2016/">BleepingComputer</a></p><p>When affected, DCLocator calls return ERROR_INVALID_PARAMETER, meaning applications, scripts, and administrative tools can&#8217;t locate a domain controller at all. It looks like a DNS problem, or a firewall problem, or a replication problem&#8230; until someone checks the hostname length.</p><p>No fix timeline from Microsoft yet. The suggested workaround is to rename the server to a hostname of a different length.</p><p></p><h2>&#128994; CrowdStrike and Google dismantled a botnet that was hiding inside a blockchain. Yes, really</h2><p>Yesterday&#8217;s Glassworm botnet takedown is worth knowing about. Not because it directly affects most MSPs, but because of how the good guys had to approach it.</p><p>Glassworm has been targeting software developers since October 2025, hiding malware inside VS Code extensions, npm packages, PyPI libraries, and GitHub repositories. The clever part: its operators built four separate command-and-control channels specifically designed to survive takedowns. Including one that encoded instructions inside Solana blockchain transactions, which are immutable and can&#8217;t be deleted or seized by anyone. <a href="https://www.bleepingcomputer.com/news/security/glassworm-botnet-disrupted-after-resilient-c2-infrastructure-takedown/">BleepingComputer</a></p><p>CrowdStrike, Google, and the Shadowserver Foundation had to hit all four channels simultaneously on Tuesday at 14:00 UTC&#8230; because taking out three of four would have left the botnet operational. </p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!5Nwa!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F44f74ed0-ef5d-46a5-b3ba-b4d412fcc499_1402x1122.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!5Nwa!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F44f74ed0-ef5d-46a5-b3ba-b4d412fcc499_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!5Nwa!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F44f74ed0-ef5d-46a5-b3ba-b4d412fcc499_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!5Nwa!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F44f74ed0-ef5d-46a5-b3ba-b4d412fcc499_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!5Nwa!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F44f74ed0-ef5d-46a5-b3ba-b4d412fcc499_1402x1122.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!5Nwa!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F44f74ed0-ef5d-46a5-b3ba-b4d412fcc499_1402x1122.png" width="1402" height="1122" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/44f74ed0-ef5d-46a5-b3ba-b4d412fcc499_1402x1122.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1122,&quot;width&quot;:1402,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1898747,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/199573380?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F44f74ed0-ef5d-46a5-b3ba-b4d412fcc499_1402x1122.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!5Nwa!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F44f74ed0-ef5d-46a5-b3ba-b4d412fcc499_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!5Nwa!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F44f74ed0-ef5d-46a5-b3ba-b4d412fcc499_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!5Nwa!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F44f74ed0-ef5d-46a5-b3ba-b4d412fcc499_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!5Nwa!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F44f74ed0-ef5d-46a5-b3ba-b4d412fcc499_1402x1122.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>OK, that&#8217;s Thursday done. We&#8217;ll be back in your inbox tomorrow morning for the final time this week. Have a terrific day.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Wednesday 27 May 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... MFA prompt bombing... 800 servers used for cyber attacks are seized... and when The Boss vibe codes an app.]]></description><link>https://www.mspminute.com/p/the-msp-minute-wednesday-27-may-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-wednesday-27-may-2026</guid><pubDate>Wed, 27 May 2026 09:31:04 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-OUT!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29c7c59c-fffa-421f-847f-83b7a90f34d0_1122x1402.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; Attackers have stopped trying to steal your clients' MFA codes. They just wait for someone to approve a fake request instead</h2><p>MFA was supposed to close the door on account takeovers, right? But it hasn&#8217;t&#8230; because attackers stopped trying to steal the second factor and started exploiting the human approving it instead.</p><p>This technique is called MFA prompt bombing. An attacker gets hold of valid credentials, easily sourced from breached password dumps, then repeatedly triggers push notification requests to the victim&#8217;s phone. </p><p>Dozens of them, sometimes hundreds. The goal is simple: wear the person down until they approve one just to make it stop. And it works. Regularly. <a href="https://thehackernews.com/2026/05/mfa-prompt-bombing-why-your-second.html">The Hacker News</a></p><p>The more sophisticated version pairs the bombing with a vishing call. Someone rings the victim pretending to be from IT support, explains there&#8217;s a system issue, and asks them to approve the next notification to resolve it. </p><p>Three practical things you can do to protect clients from this:</p><ol><li><p>Switch push-only MFA to number matching. The user has to type a code shown on screen into their phone rather than just tapping approve, which breaks the prompt bombing technique entirely</p></li><li><p>Set alert thresholds for repeated failed MFA prompts. Three or more in quick succession should trigger an investigation, not just a log entry</p></li><li><p>Tell clients explicitly: if they receive unexpected MFA requests they didn&#8217;t initiate, the answer is always no&#8230; and they should call your team immediately.</p></li></ol><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; Dutch police seized 800 servers and arrested two people for running infrastructure that enabled global cyberattacks</h2><p>A coordinated operation by the Dutch National High Tech Crime Unit last week took down one of Europe&#8217;s largest bulletproof hosting operations&#8230;seizing 800 servers and arresting two people running the infrastructure. <a href="https://krebsonsecurity.com/2026/05/netherlands-seizes-800-servers-arrests-2-for-aiding-cyberattacks/">Krebs on Security</a></p><p>Bulletproof hosting is the engine room of cybercrime. Servers specifically configured to ignore takedown requests and abuse complaints, rented to ransomware groups, phishing operations, and DDoS-for-hire services. </p><p>The seized infrastructure was being used by multiple active threat groups to host command-and-control servers, malware distribution points, and stolen credential databases.</p><p></p><h2>&#128994; The Boss wrote an AI app. Management love it. Now everyone has to use it&#8230;</h2><p>This week&#8217;s BOFH column from The Register is required reading if you ever deployed software you didn&#8217;t choose, to users who didn&#8217;t want it, on behalf of a decision maker who didn&#8217;t understand it. <a href="https://www.theregister.com/bofh/2026/05/22/bofh-vibe-coded-solutions-arrive-for-problems-nobody-has/5243976">The Register</a></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!-OUT!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29c7c59c-fffa-421f-847f-83b7a90f34d0_1122x1402.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!-OUT!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29c7c59c-fffa-421f-847f-83b7a90f34d0_1122x1402.png 424w, https://substackcdn.com/image/fetch/$s_!-OUT!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29c7c59c-fffa-421f-847f-83b7a90f34d0_1122x1402.png 848w, https://substackcdn.com/image/fetch/$s_!-OUT!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29c7c59c-fffa-421f-847f-83b7a90f34d0_1122x1402.png 1272w, https://substackcdn.com/image/fetch/$s_!-OUT!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29c7c59c-fffa-421f-847f-83b7a90f34d0_1122x1402.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!-OUT!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29c7c59c-fffa-421f-847f-83b7a90f34d0_1122x1402.png" width="1122" height="1402" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/29c7c59c-fffa-421f-847f-83b7a90f34d0_1122x1402.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1402,&quot;width&quot;:1122,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1597953,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/199430026?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29c7c59c-fffa-421f-847f-83b7a90f34d0_1122x1402.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!-OUT!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29c7c59c-fffa-421f-847f-83b7a90f34d0_1122x1402.png 424w, https://substackcdn.com/image/fetch/$s_!-OUT!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29c7c59c-fffa-421f-847f-83b7a90f34d0_1122x1402.png 848w, https://substackcdn.com/image/fetch/$s_!-OUT!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29c7c59c-fffa-421f-847f-83b7a90f34d0_1122x1402.png 1272w, https://substackcdn.com/image/fetch/$s_!-OUT!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29c7c59c-fffa-421f-847f-83b7a90f34d0_1122x1402.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>That&#8217;s it for Wednesday. We&#8217;ll be back in your inbox tomorrow morning. Have a great day.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Tuesday 26 May 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... three maximum-severity flaws in a network device... the Windows zero-day researcher banned... and when the marketing people have "smart ideas"]]></description><link>https://www.mspminute.com/p/the-msp-minute-tuesday-26-may-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-tuesday-26-may-2026</guid><pubDate>Tue, 26 May 2026 09:31:27 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!3zOC!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F619d4c94-f3d0-4428-89aa-235edcad3032_1122x1402.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; Ubiquiti just patched three maximum-severity flaws in UniFi OS&#8230; and MSPs are specifically named as at risk</h2><p>If you manage UniFi devices for clients, this needs attention today.</p><p>On May 22, Ubiquiti released emergency patches for three CVSS 10.0 vulnerabilities in UniFi OS&#8230; the operating system powering Dream Machines, Cloud Gateways, and network appliances found extensively in MSP-managed environments. All three can be exploited remotely without authentication and without user interaction. <a href="https://www.bleepingcomputer.com/news/security/ubiquiti-patches-three-max-severity-unifi-os-vulnerabilities/">BleepingComputer</a></p><ul><li><p>CVE-2026-34908 allows an unauthenticated attacker to make sweeping unauthorised changes to the entire system</p></li><li><p>CVE-2026-34909 allows file traversal; reading sensitive files and taking over underlying accounts</p></li><li><p>CVE-2026-34910 enables command injection once network access is established. </p></li></ul><p>Two further critical flaws were patched at the same time.</p><p>Censys is tracking nearly 100,000 internet-exposed UniFi OS endpoints globally. No active exploitation has been confirmed yet. But Ubiquiti products have previously been targeted by both state-backed groups and ransomware operators to build botnets and proxy malicious traffic. The window between patch release and active exploitation is getting shorter every month.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; GitHub banned Nightmare-Eclipse. They've moved to GitLab&#8230; and set a new deadline of July 14</h2><p>Following on from our recent coverage, GitHub has terminated the Nightmare-Eclipse account that hosted all six unpatched Windows zero-day exploits. <a href="https://cybernews.com/security/github-bans-researcher-releasing-windows-zero-days/">Cybernews</a></p><p>The researcher has immediately moved to GitLab, reposted all six exploits, and issued a new warning. July 14 is now being flagged as a significant date, with hints at remote code execution vulnerabilities still in reserve. The &#8220;big surprise&#8221; previously threatened for June Patch Tuesday remains on the table.</p><p>Microsoft has not commented beyond acknowledging the individual CVEs as they&#8217;ve been disclosed. The exploits remain active, some of which remain confirmed working on fully patched Windows 11 systems, and are being used in real attacks linked to Russian-geolocated infrastructure.</p><p>June 10 is the next Patch Tuesday. What do you think is going to happen in the next couple of months?</p><p></p><h2>&#128994; Marketing had a brilliant idea. IT looked into it&#8230; and realised it had already been implemented</h2><p>The Register&#8217;s On Call column last Friday featured a reader called Hamish, who worked at a British retailer. A senior member of the marketing team had a breakthrough insight: they should add Apple Pay to the company&#8217;s website. Management approved it enthusiastically and it landed on Hamish&#8217;s desk. <a href="https://www.theregister.com/software/2026/05/22/marketing-demanded-it-add-website-feature-that-was-already-working/5242367">The Register</a></p><p>Spoiler alert&#8230; the website already had Apple Pay. And had done for months!!</p><p>Hamish had the satisfaction of closing a ticket for a feature he hadn&#8217;t needed to build.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!3zOC!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F619d4c94-f3d0-4428-89aa-235edcad3032_1122x1402.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!3zOC!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F619d4c94-f3d0-4428-89aa-235edcad3032_1122x1402.png 424w, https://substackcdn.com/image/fetch/$s_!3zOC!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F619d4c94-f3d0-4428-89aa-235edcad3032_1122x1402.png 848w, https://substackcdn.com/image/fetch/$s_!3zOC!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F619d4c94-f3d0-4428-89aa-235edcad3032_1122x1402.png 1272w, https://substackcdn.com/image/fetch/$s_!3zOC!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F619d4c94-f3d0-4428-89aa-235edcad3032_1122x1402.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!3zOC!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F619d4c94-f3d0-4428-89aa-235edcad3032_1122x1402.png" width="1122" height="1402" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/619d4c94-f3d0-4428-89aa-235edcad3032_1122x1402.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1402,&quot;width&quot;:1122,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1602157,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/199299565?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F619d4c94-f3d0-4428-89aa-235edcad3032_1122x1402.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!3zOC!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F619d4c94-f3d0-4428-89aa-235edcad3032_1122x1402.png 424w, https://substackcdn.com/image/fetch/$s_!3zOC!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F619d4c94-f3d0-4428-89aa-235edcad3032_1122x1402.png 848w, https://substackcdn.com/image/fetch/$s_!3zOC!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F619d4c94-f3d0-4428-89aa-235edcad3032_1122x1402.png 1272w, https://substackcdn.com/image/fetch/$s_!3zOC!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F619d4c94-f3d0-4428-89aa-235edcad3032_1122x1402.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>That&#8217;s it for today. We&#8217;ll be back in your inbox tomorrow morning. Have a great day.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Friday 22 May 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... Microsoft just dismantled a criminal operation... AI agents are changing what MSPs need to deliver for clients... and Elon's space AI for your client?]]></description><link>https://www.mspminute.com/p/the-msp-minute-friday-22-may-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-friday-22-may-2026</guid><pubDate>Fri, 22 May 2026 09:30:05 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!BdiZ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faad68003-1c95-4f6a-9f66-079807da47e7_1122x1402.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; Microsoft took down a malware-signing service used by multiple ransomware gangs&#8230; including ones targeting your clients</h2><p>Microsoft&#8217;s Digital Crimes Unit has dismantled Fox Tempest, a criminal operation that ran as a signing-as-a-service platform for ransomware groups. </p><p>Attackers would submit their malware binaries and receive back digitally signed versions that appeared to be legitimate software. The signed malware was then distributed disguised as installers for Microsoft Teams, AnyDesk, PuTTY, and Webex&#8230; yes, the exact tools your clients trust and download regularly. <a href="https://thehackernews.com/2026/05/microsoft-takes-down-malware-signing.html">The Hacker News</a></p><p>Microsoft seized the Fox Tempest domain, took hundreds of virtual machines offline, and revoked over 1,000 fraudulent code-signing certificates.</p><p>The practical takeaway for your clients is how important it is to verify software downloads through official sources. These fake installers reach victims when someone clicked a sponsored result that wasn&#8217;t the official software. </p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; AI agents are changing what clients expect from their MSP</h2><p>Zendesk announced at its Relate conference this week a fundamental shift: from chatbot deflection to autonomous AI agents across its entire platform. And it was explicit that channel partners are central to making it work. <a href="https://www.channeldive.com/news/zendesk-agentic-ai-crm-partner-opportunties/820753/">Channel Dive</a></p><p>The SVP of partner sales told Channel Dive: &#8220;This is really a move from helping customers set up simple bots to helping them rethink how service gets done. It&#8217;s less about how do we deflect this ticket, and more about how we design an AI-powered service operation that actually resolves issues end to end.&#8221;</p><p></p><h2>&#128994; SpaceX just filed for the biggest IPO in history. And buried inside is something relevant to MSPs</h2><p>SpaceX filed its S-1 with the SEC on Wednesday. It&#8217;s the formal start of what could be the largest IPO in corporate history, targeting a Nasdaq listing under the ticker SPCX in June. <a href="https://fortune.com/2026/05/20/spacex-ipo-filing-s1-total-addressable-market-make-life-multiplanetary/">Fortune</a></p><p>The fun bit buried in the filing: Did you know that Starlink accounts for 70% of revenue?</p><p>And SpaceX plans to begin deploying AI compute satellites into Sun-synchronous orbit as early as 2028, effectively positioning space as the next data centre frontier, powered by solar energy. They&#8217;re calling it orbital AI infrastructure. Fancy.</p><p>The MSP angle: Starlink Business is already a growing line in MSP service catalogues (especially for clients in rural or remote locations, or as a backup connectivity solution).</p><p>If SpaceX goes public at the valuations being discussed, Starlink&#8217;s investment in its business product line is only going one way. Worth knowing about before your clients ask.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!BdiZ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faad68003-1c95-4f6a-9f66-079807da47e7_1122x1402.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!BdiZ!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faad68003-1c95-4f6a-9f66-079807da47e7_1122x1402.png 424w, https://substackcdn.com/image/fetch/$s_!BdiZ!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faad68003-1c95-4f6a-9f66-079807da47e7_1122x1402.png 848w, https://substackcdn.com/image/fetch/$s_!BdiZ!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faad68003-1c95-4f6a-9f66-079807da47e7_1122x1402.png 1272w, https://substackcdn.com/image/fetch/$s_!BdiZ!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faad68003-1c95-4f6a-9f66-079807da47e7_1122x1402.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!BdiZ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faad68003-1c95-4f6a-9f66-079807da47e7_1122x1402.png" width="1122" height="1402" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/aad68003-1c95-4f6a-9f66-079807da47e7_1122x1402.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1402,&quot;width&quot;:1122,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1276382,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/198817491?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faad68003-1c95-4f6a-9f66-079807da47e7_1122x1402.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!BdiZ!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faad68003-1c95-4f6a-9f66-079807da47e7_1122x1402.png 424w, https://substackcdn.com/image/fetch/$s_!BdiZ!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faad68003-1c95-4f6a-9f66-079807da47e7_1122x1402.png 848w, https://substackcdn.com/image/fetch/$s_!BdiZ!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faad68003-1c95-4f6a-9f66-079807da47e7_1122x1402.png 1272w, https://substackcdn.com/image/fetch/$s_!BdiZ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faad68003-1c95-4f6a-9f66-079807da47e7_1122x1402.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>That&#8217;s your lot for this week. We&#8217;re having a day off on Monday as i&#8217;s a public holiday here in the UK. So we&#8217;ll be back in your inbox on Tuesday morning. Have a great weekend.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Thursday 21 May 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... 7-Eleven confirmed hackers got in... a major ERP vendor decided it only wants to sell through the channel... and an AI embarassed itself]]></description><link>https://www.mspminute.com/p/the-msp-minute-thursday-21-may-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-thursday-21-may-2026</guid><pubDate>Thu, 21 May 2026 09:31:22 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!YGBe!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd821fa75-34cd-4340-bcbe-0af3123f7e4a_1536x1024.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; 7-Eleven just confirmed ShinyHunters breached its Salesforce environment</h2><p>7-Eleven, which has 86,000 stores and 100 million loyalty programme members globally, officially confirmed this week that ShinyHunters breached its systems via its Salesforce environment.</p><p>It happened on April 8. 600,000 records containing personal information and internal corporate data were stolen. The group listed them on its leak site on April 17 with a ransom deadline. 7-Eleven didn&#8217;t pay. And so ShinyHunters is now selling the data for $250,000. <a href="https://www.bleepingcomputer.com/news/security/7-eleven-confirms-data-breach-claimed-by-the-shinyhunters-gang/">BleepingComputer</a></p><p>The attack method is the one worth noting. ShinyHunters didn't exploit a Salesforce vulnerability. The intrusion came from outside the platform itself. This is exactly the same playbook used against ADT, Instructure, Vimeo, Medtronic, and Zara this year. Every one of those organisations had Salesforce and thought they were protected.</p><p>If any of your clients use Salesforce, or any major cloud CRM, the conversation to have today is about third-party integration hygiene and OAuth app permissions. The door ShinyHunters keeps walking through isn&#8217;t a Salesforce problem. It&#8217;s a configuration problem.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; A multi billion ERP vendor just restructured its entire business to run through channel partners</h2><p>Infor, one of the world&#8217;s largest enterprise software companies specialising in industry-specific ERP and cloud solutions, has announced it&#8217;s going all-in on the channel. <a href="https://www.channeldive.com/news/infor-erp-cloud-ai-partner-program-aws/820637/">Channel Dive</a></p><p>The restructuring means Infor&#8217;s resellers, MSPs, and system integrators will now be the primary route to market for its cloud ERP and AI products globally. </p><p>The company has launched a new partner programme on AWS Marketplace, and simplified its commercial model specifically designed to help channel partners win mid-market manufacturing, distribution, and healthcare accounts.</p><p>ERP has historically been a hard sell for MSPs&#8230; complex, long-cycle, and dominated by vendor direct teams. Infor is explicitly changing that model. If you have clients in manufacturing, food and beverage, healthcare, or distribution who are running legacy ERP systems, this is worth a look.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/p/the-msp-minute-thursday-21-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">MSP Minute is free every weekday for all MSPs. Please share the love with a friend</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/p/the-msp-minute-thursday-21-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://www.mspminute.com/p/the-msp-minute-thursday-21-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h2>&#128994; An AI was put in charge of reading names at a graduation. It skipped hundreds of them&#8230;</h2><p>Helping to prove that AI isn&#8217;t ready to replace everything just yet&#8230;</p><p>An Arizona college replaced its human announcer with an AI system to read student names at this year&#8217;s graduation ceremony. </p><p>The AI skipped hundreds of names entirely, leaving students to walk across the stage in complete silence while their families waited to hear their moment called out. Students and families are furious. <a href="https://www.nbcnews.com/news/us-news/arizona-college-skips-several-graduates-ai-malfunction-commencement-ce-rcna346182">NBC</a></p><p>The college said it switched to AI to save money. Sometimes the old way is just fine.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!YGBe!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd821fa75-34cd-4340-bcbe-0af3123f7e4a_1536x1024.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!YGBe!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd821fa75-34cd-4340-bcbe-0af3123f7e4a_1536x1024.png 424w, https://substackcdn.com/image/fetch/$s_!YGBe!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd821fa75-34cd-4340-bcbe-0af3123f7e4a_1536x1024.png 848w, https://substackcdn.com/image/fetch/$s_!YGBe!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd821fa75-34cd-4340-bcbe-0af3123f7e4a_1536x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!YGBe!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd821fa75-34cd-4340-bcbe-0af3123f7e4a_1536x1024.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!YGBe!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd821fa75-34cd-4340-bcbe-0af3123f7e4a_1536x1024.png" width="1456" height="971" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/d821fa75-34cd-4340-bcbe-0af3123f7e4a_1536x1024.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:971,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1705308,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/198666606?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd821fa75-34cd-4340-bcbe-0af3123f7e4a_1536x1024.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!YGBe!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd821fa75-34cd-4340-bcbe-0af3123f7e4a_1536x1024.png 424w, https://substackcdn.com/image/fetch/$s_!YGBe!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd821fa75-34cd-4340-bcbe-0af3123f7e4a_1536x1024.png 848w, https://substackcdn.com/image/fetch/$s_!YGBe!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd821fa75-34cd-4340-bcbe-0af3123f7e4a_1536x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!YGBe!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd821fa75-34cd-4340-bcbe-0af3123f7e4a_1536x1024.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Exciting stuff. We&#8217;re into Thursday, and that&#8217;s the highway to the weekend. Enjoy yourself today. We&#8217;ll be back in your inbox tomorrow morning.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Wednesday 20 May 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... a sixth Windows zero-day dropped and it works on fully patched machines... Microsoft's channel conflict... and a hidden partition is breaking updates.]]></description><link>https://www.mspminute.com/p/the-msp-minute-wednesday-20-may-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-wednesday-20-may-2026</guid><pubDate>Wed, 20 May 2026 09:30:40 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!qErb!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77ec7863-e345-4e3e-bbf8-ca2df514eaa4_1536x1024.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; Nightmare-Eclipse just dropped a sixth Windows zero-day&#8230; and this one was supposed to be fixed in 2020</h2><p>Six exploits in six weeks. This is one very determined researcher.</p><p>Nightmare-Eclipse published MiniPlasma on Monday. It&#8217;s a privilege escalation zero-day that gives any standard user full system-level access on fully patched Windows 11 machines running the latest May 2026 updates. </p><p>BleepingComputer, Will Dormann and ThreatLocker all confirmed it works. <a href="https://blog.barracuda.com/2026/05/19/nightmare-eclipse-zero-days-grudge">Barracuda</a></p><p>The flaw targets the Windows Cloud Filter driver, the component that handles OneDrive and cloud-backed file sync. It was originally reported to Microsoft by Google Project Zero researcher James Forshaw back in September 2020. Microsoft said they fixed it in December 2020. The original proof-of-concept code still works without modification.</p><p>No patch until June 10 at the earliest. In the meantime, Barracuda&#8217;s profile of this researcher, published yesterday, is worth reading. </p><ul><li><p>The exploits are linked to Russian-geolocated infrastructure</p></li><li><p>The researcher has promised &#8220;a big surprise&#8221; for June Patch Tuesday</p></li><li><p>And has deployed a dead man&#8217;s switch with more exploits set to release automatically if certain conditions are met</p></li></ul><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; Microsoft just eliminated bulk enterprise discounts. And MSPs are losing midmarket deals because of it</h2><p>Channel Dive published yesterday that Microsoft&#8217;s decision to remove bulk enterprise agreement discounts is creating significant channel conflict&#8230; and the midmarket is feeling it most. <a href="https://www.channeldive.com/news/microsoft-licensing-ignites-a-midmarket-battle-shi-ntiva-sherweb-opkalla-criterion/820533/">Channel Dive</a></p><p>Customers are shopping around. Deals that MSPs considered locked are being lost as clients find lower per-seat pricing through direct or alternative routes. The elimination of volume discounts means the price advantage that used to reward loyalty and consolidation is gone. And clients are noticing.</p><p>The practical question for MSPs with midmarket Microsoft customers: when did you last have a proactive conversation about licensing costs and value? If the answer is &#8220;at renewal,&#8221; that might be too late. </p><p>The MSPs holding those relationships through this shift are the ones having the conversation before the client starts shopping around.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/p/the-msp-minute-wednesday-20-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">MSP Minute is free every weekday for all MSPs. Please share the love with a friend</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/p/the-msp-minute-wednesday-20-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://www.mspminute.com/p/the-msp-minute-wednesday-20-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h2>&#128994; A hidden 100MB partition nobody thinks about is breaking Windows updates across client estates</h2><p>File this under &#8220;the most classic IT problem in existence&#8221;.</p><p>Microsoft confirmed this week that the May Windows 11 update (KB5089549) is failing to install on some machines with a cryptic error that rolls back at 35% completion. </p><p>The cause: the EFI System Partition, a tiny hidden boot partition that Windows actively conceals from users, is running out of space. OEM firmware updates and old deployment images have quietly filled it over the years on affected devices. When the partition hits 10MB or less of free space, the security update fails. <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-kb5089549-windows-11-security-update-install-issues/">BleepingComputer</a></p><p>The fix is already out. Microsoft pushed a Known Issue Rollback automatically to most consumer and unmanaged devices, so a restart resolves it on most affected machines. For managed enterprise fleets, there&#8217;s a Group Policy mitigation available.</p><p>But the underlying issue doesn&#8217;t go away with the rollback. Every time Microsoft does more work in the boot environment: Secure Boot certificates, BitLocker, TPM measurements&#8230; this hidden partition gets a little fuller. </p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!qErb!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77ec7863-e345-4e3e-bbf8-ca2df514eaa4_1536x1024.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!qErb!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77ec7863-e345-4e3e-bbf8-ca2df514eaa4_1536x1024.png 424w, https://substackcdn.com/image/fetch/$s_!qErb!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77ec7863-e345-4e3e-bbf8-ca2df514eaa4_1536x1024.png 848w, https://substackcdn.com/image/fetch/$s_!qErb!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77ec7863-e345-4e3e-bbf8-ca2df514eaa4_1536x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!qErb!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77ec7863-e345-4e3e-bbf8-ca2df514eaa4_1536x1024.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!qErb!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77ec7863-e345-4e3e-bbf8-ca2df514eaa4_1536x1024.png" width="1456" height="971" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/77ec7863-e345-4e3e-bbf8-ca2df514eaa4_1536x1024.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:971,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1801791,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/198514369?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77ec7863-e345-4e3e-bbf8-ca2df514eaa4_1536x1024.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!qErb!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77ec7863-e345-4e3e-bbf8-ca2df514eaa4_1536x1024.png 424w, https://substackcdn.com/image/fetch/$s_!qErb!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77ec7863-e345-4e3e-bbf8-ca2df514eaa4_1536x1024.png 848w, https://substackcdn.com/image/fetch/$s_!qErb!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77ec7863-e345-4e3e-bbf8-ca2df514eaa4_1536x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!qErb!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77ec7863-e345-4e3e-bbf8-ca2df514eaa4_1536x1024.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Okay, that&#8217;s Wednesday done. Have a great day. We&#8217;ll be back in your inbox tomorrow morning.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Tuesday 19 May 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... the biggest breach report numbers are eye-opening... identity attacks are now the dominant threat... and the good guys had a very good week]]></description><link>https://www.mspminute.com/p/the-msp-minute-tuesday-19-may-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-tuesday-19-may-2026</guid><pubDate>Tue, 19 May 2026 09:30:52 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!C8rp!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3e8a87c9-17cc-44bb-a03b-4ff51a6b9237_1536x1024.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; The 2026 Verizon DBIR is out today&#8230; and two thirds of all breaches now start with identity</h2><p>The 2026 Verizon Data Breach Investigations Report confirms what&#8217;s been building for years: identity is now the dominant attack surface. </p><p>Two thirds of all breaches investigated began with an identity-related attack: stolen credentials, session hijacking, or MFA bypass. Vulnerability exploitation jumped 34% year on year. And third-party breaches now account for 30% of all incidents, double the previous year&#8217;s figure. <a href="https://www.verizon.com/business/resources/reports/dbir/">Verizon</a></p><p>Let&#8217;s look at the SMB numbers. Ransomware appeared in 88% of SMB breach incidents, compared to just 39% at large organisations. Your clients are not collateral damage in attacks aimed at big companies. They&#8217;re the primary target.</p><p>The report also confirms that 64% of ransomware victims now refuse to pay, up from 50% two years ago. And median ransom payments have fallen from $150,000 to $115,000. But the volume of attacks keeps climbing regardless.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; 71% of organisations had at least one identity breach last year. Most didn't spot it quickly</h2><p>Another report&#8230; Sophos published its State of Identity Security 2026 report last week. They surveyed 5,000 IT and cybersecurity leaders across 17 countries, and it reads as a direct companion to the Verizon DBIR. <a href="https://www.helpnetsecurity.com/2026/05/14/sophos-2026-identity-breach-costs-report/">Help Net Security</a></p><ul><li><p>71% of organisations suffered at least one identity-related breach in the past 12 months</p></li><li><p>The average organisation reported three separate incidents</p></li><li><p>And only 24% continuously monitor for unusual login attempts&#8230; meaning the majority of these breaches had a significant undetected window before anyone noticed.</p></li></ul><p>The specific number to act on: only 34% of organisations regularly audit or rotate service accounts. As AI agents multiply across client environments, each one creating new credentials and demanding persistent access, that gap is going to become significantly more dangerous. </p><p>If identity monitoring and service account hygiene aren&#8217;t already in your security stack conversation with clients, both reports published this week give you everything you need to start it.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/p/the-msp-minute-tuesday-19-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">MSP Minute is free every weekday for all MSPs. Please share the love with a friend</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/p/the-msp-minute-tuesday-19-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://www.mspminute.com/p/the-msp-minute-tuesday-19-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h2>&#128994; The good guys just found 47 zero-days in three days&#8230; and got paid $1.3 million for it</h2><p>Pwn2Own Berlin 2026 wrapped up on Saturday and it was a good week for the white hats.</p><p>Security researchers collected $1,298,250 in rewards over three days after finding and exploiting 47 unique zero-day vulnerabilities across Windows 11, Microsoft Exchange, Microsoft Edge, VMware ESXi, Red Hat Linux, and AI coding agents. Every single one of those vulnerabilities gets reported privately to the vendor, who then has 90 days to patch before any details become public. <a href="https://www.bleepingcomputer.com/news/security/hackers-earn-1-298-250-for-47-zero-days-at-pwn2own-berlin-2026/">BleepingComputer</a></p><p>DEVCORE took the Master of Pwn title with 50.5 points and $505,000. The standout moment was Orange Tsai&#8217;s $200,000 payday for chaining three bugs to achieve remote code execution with system privileges on Microsoft Exchange.</p><p>The whole point of Pwn2Own is easy to lose in the headline numbers: this is organised, paid, responsible disclosure. Every bug found here is a bug that gets patched rather than sold to the highest bidder on the dark web. It is, in the most literal sense, hackers making the world safer. High five to the white hats!</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!C8rp!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3e8a87c9-17cc-44bb-a03b-4ff51a6b9237_1536x1024.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!C8rp!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3e8a87c9-17cc-44bb-a03b-4ff51a6b9237_1536x1024.png 424w, https://substackcdn.com/image/fetch/$s_!C8rp!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3e8a87c9-17cc-44bb-a03b-4ff51a6b9237_1536x1024.png 848w, https://substackcdn.com/image/fetch/$s_!C8rp!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3e8a87c9-17cc-44bb-a03b-4ff51a6b9237_1536x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!C8rp!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3e8a87c9-17cc-44bb-a03b-4ff51a6b9237_1536x1024.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!C8rp!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3e8a87c9-17cc-44bb-a03b-4ff51a6b9237_1536x1024.png" width="1456" height="971" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/3e8a87c9-17cc-44bb-a03b-4ff51a6b9237_1536x1024.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:971,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1590627,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/198374013?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3e8a87c9-17cc-44bb-a03b-4ff51a6b9237_1536x1024.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!C8rp!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3e8a87c9-17cc-44bb-a03b-4ff51a6b9237_1536x1024.png 424w, https://substackcdn.com/image/fetch/$s_!C8rp!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3e8a87c9-17cc-44bb-a03b-4ff51a6b9237_1536x1024.png 848w, https://substackcdn.com/image/fetch/$s_!C8rp!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3e8a87c9-17cc-44bb-a03b-4ff51a6b9237_1536x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!C8rp!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3e8a87c9-17cc-44bb-a03b-4ff51a6b9237_1536x1024.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Right, enjoy your Tuesday. We&#8217;ll be back in your inbox tomorrow morning. See you then.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Monday 18 May 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... Microsoft Exchange has an actively exploited zero-day... a big managed services report landed... and a small Mediterranean island just made history]]></description><link>https://www.mspminute.com/p/the-msp-minute-monday-18-may-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-monday-18-may-2026</guid><pubDate>Mon, 18 May 2026 09:30:40 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!icqa!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffd5fc2af-aa00-4b93-8087-a3e02d817642_1536x1024.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; Microsoft Exchange has an actively exploited zero-day&#8230; and there's no permanent patch yet</h2><p>If you manage on-premises Exchange for any clients, heads up on this. </p><p>Microsoft disclosed CVE-2026-42897 on Thursday. It&#8217;s a cross-site scripting vulnerability in Exchange Server 2016, 2019, and Subscription Edition that&#8217;s being actively exploited in the wild. </p><p>An attacker sends an email; if the recipient opens it in Outlook Web Access, arbitrary JavaScript executes in their browser session. From there, an attacker can steal session cookies, spoof content, or perform actions on behalf of the user. Exchange Online is not affected. <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-exchange-zero-day-flaw-exploited-in-attacks/">BleepingComputer</a></p><p>A permanent patch is still in development. In the meantime Microsoft has issued automatic mitigations via its Exchange Emergency Mitigation Service. If you have EEMS enabled, it should have applied already. </p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; New data: 98% of companies say AI is now a core managed services requirement</h2><p>KPMG&#8217;s 2026 Managed Services Outlook, published last week and based on surveys of 1,224 senior leaders involved in managed services decisions, gives one of the clearest reads yet on where the market is heading.</p><p>98% of respondents say AI implementation is now a critical managed services capability. And AI management is expected to become the single largest area of managed services investment over the next two years, say 56% of respondents. <a href="https://www.channele2e.com/news/channel-brief-the-messy-middle-is-the-msp-opportunity">ChannelE2E</a></p><p>How does that change your AI plans going forward?</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/p/the-msp-minute-monday-18-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">MSP Minute is free every weekday for all MSPs. Please share the love with a friend</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/p/the-msp-minute-monday-18-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://www.mspminute.com/p/the-msp-minute-monday-18-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h2>&#128994; A small Mediterranean island just became the first country in the world to give every citizen free AI</h2><p>Malta, a country smaller than most cities with a population of just 574,000, announced on Saturday that it has struck a world-first deal with OpenAI.</p><p>Every Maltese resident and citizen gets a free year of ChatGPT Plus. The catch: they have to complete a government-backed AI literacy course first, developed by the University of Malta, covering what AI is, what it can&#8217;t do, and how to use it responsibly. <a href="https://openai.com/index/malta-chatgpt-plus-partnership/">OpenAI</a></p><p>No national government has done this before. Could you imagine this happening where you live??</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!icqa!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffd5fc2af-aa00-4b93-8087-a3e02d817642_1536x1024.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!icqa!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffd5fc2af-aa00-4b93-8087-a3e02d817642_1536x1024.png 424w, https://substackcdn.com/image/fetch/$s_!icqa!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffd5fc2af-aa00-4b93-8087-a3e02d817642_1536x1024.png 848w, https://substackcdn.com/image/fetch/$s_!icqa!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffd5fc2af-aa00-4b93-8087-a3e02d817642_1536x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!icqa!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffd5fc2af-aa00-4b93-8087-a3e02d817642_1536x1024.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!icqa!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffd5fc2af-aa00-4b93-8087-a3e02d817642_1536x1024.png" width="1456" height="971" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/fd5fc2af-aa00-4b93-8087-a3e02d817642_1536x1024.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:971,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2060014,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/198222157?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffd5fc2af-aa00-4b93-8087-a3e02d817642_1536x1024.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!icqa!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffd5fc2af-aa00-4b93-8087-a3e02d817642_1536x1024.png 424w, https://substackcdn.com/image/fetch/$s_!icqa!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffd5fc2af-aa00-4b93-8087-a3e02d817642_1536x1024.png 848w, https://substackcdn.com/image/fetch/$s_!icqa!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffd5fc2af-aa00-4b93-8087-a3e02d817642_1536x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!icqa!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffd5fc2af-aa00-4b93-8087-a3e02d817642_1536x1024.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Hokey doke, that&#8217;s Monday done. We&#8217;ll be back in your inbox tomorrow morning. See you then.</p>]]></content:encoded></item><item><title><![CDATA[The MSP Minute ⏱ Friday 15 May 2026]]></title><description><![CDATA[For Managed Service Providers worldwide. Today... two more unpatched Windows zero-days... the most comprehensive MSP market report just landed... and possibly the best tech story of the year]]></description><link>https://www.mspminute.com/p/the-msp-minute-friday-15-may-2026</link><guid isPermaLink="false">https://www.mspminute.com/p/the-msp-minute-friday-15-may-2026</guid><pubDate>Fri, 15 May 2026 09:30:59 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!YYaW!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48397858-1e41-440b-a463-ce1845d11a5e_1536x1024.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>&#128308; A disgruntled researcher just dropped two more unpatched Windows zero-days&#8230; and has threatened more are coming</h2><p>Do you remember BlueHammer, RedSun, and UnDefend? All Windows Defender exploits dropped by an anonymous researcher called Nightmare-Eclipse earlier this year. They were exploited in real attacks within days of publication.</p><p>This week Nightmare-Eclipse dropped two more unpatched zero-days: YellowKey and GreenPlasma. </p><p>YellowKey allows an attacker with physical access to a Windows 11 or Server 2022/2025 machine to bypass BitLocker encryption entirely. Plug in a USB drive, reboot into Windows Recovery Environment, enter a key sequence, and unrestricted access to the supposedly encrypted volume is granted. Independent security researcher Kevin Beaumont confirmed the exploit works. <a href="https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/">BleepingComputer</a></p><p>GreenPlasma is a privilege escalation flaw that hands system-level access to unprivileged users. The PoC is incomplete but security researchers say it&#8217;s enough of a starting point for a determined attacker to finish the job.</p><p>No patches yet. The researcher has claimed a &#8220;dead man&#8217;s switch&#8221; with more exploits ready to publish. Microsoft has not yet commented on the specific exploits. <a href="https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-zero-days/5239758">The Register</a></p><p>For clients with laptops, BitLocker alone is no longer sufficient. A PIN requirement on top of BitLocker is the recommended mitigation for YellowKey right now.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading. Subscribe for free to get this MSP summary every weekday morning</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p><h2>&#128993; The most comprehensive snapshot of the MSP market just dropped. And the AI revenue gap is widening</h2><p>GTIA published its State of the Channel 2026 global report this week, and of course, the headline is about AI. <a href="https://gtia.org/blog/state-of-the-channel-2026-a-global-industry-in-motion">GTIA</a></p><p>AI is already generating meaningful revenue for a significant portion of MSPs. </p><ul><li><p>In the UK and Ireland, over a third of providers report that between 11% and 25% of their revenue now comes from AI-related products and services</p></li><li><p>In North America, a quarter of MSPs self-identify as AI-driven, and are already generating AI revenue.</p></li></ul><p>The gap between those MSPs and the ones still figuring out where AI fits is starting to widen. The report is free to access for GTIA members.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/p/the-msp-minute-friday-15-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">MSP Minute is free every weekday for all MSPs. Please share the love with a friend</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://www.mspminute.com/p/the-msp-minute-friday-15-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://www.mspminute.com/p/the-msp-minute-friday-15-may-2026?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h2>&#128994; Someone just recovered $400,000 in Bitcoin they'd locked themselves out of 11 years ago. The story involves AI, an old college computer, and a very rude password</h2><p>In 2015, a college student bought Bitcoin at $250 a coin, changed their wallet password while drunk, and immediately forgot what they&#8217;d typed. </p><p>The wallet sat untouched for over eleven years while they tried approximately 7 trillion password combinations across multiple recovery tools. Nothing worked. </p><p>In a last-ditch effort recently, they dumped the entire contents of an old college computer into Claude. Which found a forgotten wallet backup file predating the password change, identified a bug in the recovery tool that had been silently blocking every previous attempt, and fixed it. </p><p>The wallet unlocked. And five Bitcoin, now worth approximately $400,000, were recovered. What a story! <a href="https://www.tomshardware.com/tech-industry/cryptocurrency/bitcoin-trader-recovers-usd400-000-using-claude-ai-after-losing-wallet-password-11-years-ago-bot-tried-3-5-trillion-passwords-before-decrypting-an-old-wallet-backup">Tom&#8217;s Hardware</a> <em>(fair warning: this contains some fruity language)</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!YYaW!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48397858-1e41-440b-a463-ce1845d11a5e_1536x1024.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!YYaW!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48397858-1e41-440b-a463-ce1845d11a5e_1536x1024.png 424w, https://substackcdn.com/image/fetch/$s_!YYaW!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48397858-1e41-440b-a463-ce1845d11a5e_1536x1024.png 848w, https://substackcdn.com/image/fetch/$s_!YYaW!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48397858-1e41-440b-a463-ce1845d11a5e_1536x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!YYaW!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48397858-1e41-440b-a463-ce1845d11a5e_1536x1024.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!YYaW!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48397858-1e41-440b-a463-ce1845d11a5e_1536x1024.png" width="1456" height="971" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/48397858-1e41-440b-a463-ce1845d11a5e_1536x1024.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:971,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2358412,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.mspminute.com/i/197821011?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48397858-1e41-440b-a463-ce1845d11a5e_1536x1024.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!YYaW!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48397858-1e41-440b-a463-ce1845d11a5e_1536x1024.png 424w, https://substackcdn.com/image/fetch/$s_!YYaW!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48397858-1e41-440b-a463-ce1845d11a5e_1536x1024.png 848w, https://substackcdn.com/image/fetch/$s_!YYaW!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48397858-1e41-440b-a463-ce1845d11a5e_1536x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!YYaW!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48397858-1e41-440b-a463-ce1845d11a5e_1536x1024.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Hooray! We made it through to the weekend. Have a great one. We&#8217;ll be back in your inbox on Monday morning.</p>]]></content:encoded></item></channel></rss>