🔴 ShinyHunters breached Charter/Spectrum via one phone call… and 4.9 million customer records are now leaked

A hacking group has accessed 4.9 million customer records with a well used playbook.

ShinyHunters breached Charter Communications (which operates Spectrum, the second largest cable and broadband provider in the US) by vishing a single employee and compromising their Microsoft Entra SSO account. From there, they pivoted straight into Salesforce and exported customer records. Charter refused to pay and some data is now publicly leaked. The Register

This is the same SSO-to-Salesforce attack chain used against ADT, Canvas, Carnival, and 7-Eleven this year. The pattern is now so established and so repeatable that ShinyHunters appear to have industrialised it.

If any of your clients use Microsoft Entra and Salesforce together, the conversation to have today is about whether an SSO account compromise would give an attacker direct access to their CRM.

🟡 Windows 11 26H1 drops on Friday… and your clients absolutely should not install it

Microsoft confirmed last week that Windows 11 version 26H1 begins rolling out on June 5 (this Friday). Before that notification lands on any client machine, here’s what you need to know. Windows Insider Blog

26H1 is not a standard feature update. It’s a hardware-optimised release built specifically for new devices launching in 2026 with next-generation silicon… think Qualcomm Snapdragon X2 Series and similar. It is explicitly not designed for existing devices and will not be offered through Windows Update to standard machines.

The problem is that any device that accidentally enrolls in 26H1, through Windows Insider settings or manual selection, cannot update to the next annual feature update later this year. Getting back to 25H2 requires a full reinstall.

For existing client devices, 25H2 and 24H2 remain the recommended versions and will continue receiving monthly security updates as normal. Worth checking that no client machines are enrolled in the Windows Insider Release Preview channel before Friday.

🟢 Two of the biggest events in the MSP calendar open this week: one in London, one in Salt Lake City

Infosecurity Europe opens tomorrow at ExCeL London (June 2-4) with the Channel Zone returning for its second year. Dedicated sessions for MSPs, MSSPs, and resellers covering regulatory pressure, skills shortages, and the expanding attack surface. If you’re in London this week, it’s worth a visit. Microscope

Then on Sunday, Pax8 Beyond 2026 opens in Salt Lake City (June 7-9) at the Salt Palace Convention Center. Three days of cybersecurity, AI, and business growth sessions alongside thousands of MSPs and vendors. Past attendees have described it as “the Super Bowl of user conferences.” Pax8 Beyond

If you’re heading to either, enjoy!

That’s your Monday. We’ll be back in your inbox tomorrow morning.