Arch Technologies

06/04/2026

A new phishing campaign is mimicking Google Workspace pages to steal login codes and certificates. Even tech-savvy users can be fooled by these perfect clones. Have you trained your team on how to spot the latest fake login pages?

Attackers are impersonating a Linux Foundation leader and social engineering open source developers via Slack.

06/03/2026

If a website ever tells you to press Windows Key + R, close the tab. That single instruction is the giveaway for a fast-growing scam called ClickFix, which has been behind a wave of infostealer infections all year.

An infostealer is malware that scrapes every saved password, browser cookie, session token, and stored credit card... You click a Google result that takes you to a hacked website. A fake CAPTCHA pops up and tells you to press Windows Key + R, then Ctrl + V, then Enter to verify you're human. The second you hit Enter, you've installed malware on your own machine.

This attack slips past most security tools because you run the command yourself. No file was downloaded, so antivirus has nothing to scan. The browser shows no warning. From the operating system's perspective, you typed a command into a Windows utility, the same as any admin doing real work.

A few things you can do this week:
✅Tell your team that if any website prompts the user to press Win+R or paste something into the Run box, they should close the tab and report it.

✅Restrict PowerShell for non-IT staff using AppLocker or Windows Defender Application Control. Most office employees have no work reason to run PowerShell scripts.

✅Make sure your endpoint protection is doing behavioral monitoring and not just signature scanning. Microsoft Defender for Endpoint and most modern EDR tools have detection rules specifically for this attack chain.

There's no shame in falling for a fake CAPTCHA. They're designed to look real. But once your team knows the keystroke trick, this scam stops working on them.

06/01/2026

A new CNET survey found that while you can recycle or trade in your old smartphone for cash, 29% of Americans are still stashing devices at home and others are tossing them in the trash.

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims' browsers.

05/30/2026

Don't fall for this clever trap! Hackers are using fake Google Security pages to trick users into installing malicious web apps that bypass multi-factor authentication and steal passwords. Make sure your team knows how to spot this scam!

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims' browsers.

05/30/2026

https://archtechllc.com/news/the-session-cookie-hijack-why-mfa-cant-always-save-you/

05/29/2026

Have you ever seen a smartphone that transforms into a robot, or a laptop screen that renders 3D models right before your eyes? MWC 2026 was packed with jaw dropping concept gadgets that look like pure sci-fi.

From robots doing backflips to video game cars that can drive on real roads, this year's show has had a lot going on.

05/29/2026

Need maximum power for your creative business? The new 16-inch MacBook Pro hides a monster under the hood! With the blazing-fast M5 Max chip and 27 hours of battery life, it's a mobile workstation dream.

The 2026 MacBook Pro 16-inch with M5 Max is a professional-laptop powerhouse that pairs the groundbreaking efficiency of the new M5 "super core" architecture with jaw-dropping battery life and future-ready Thunderbolt 5 connectivity.

05/27/2026

Cybercriminals are getting creative! A new "Zombie ZIP" technique is sneaking malware past 50 different antivirus engines by tricking the software into misreading the archive files. Are your business's defense systems ready for this?

A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products.

05/27/2026

If you run a business, an employee can easily email your client list to their personal account, whether by accident or on purpose.

Most companies just trust their staff not to do this. But you need a technical rule that stops sensitive data from leaving your network in the first place. If you use Microsoft 365, you can use a tool called Microsoft Purview to set up Data Loss Prevention rules.

When you turn this on, the system scans every outgoing email, Teams messages, SharePoint/OneDrive files, endpoint devices, browser activity, and Microsoft 365 Copilot prompts before processing. If it detects sensitive information like Social Security numbers, credit card details, or specific internal company tags, it physically blocks the email.

You do not have to monitor employees manually.

05/26/2026

Hackers just used Microsoft Intune to wipe 80,000 devices at a major medical tech firm. It's time to double-check those endpoint security settings! Is your company's network fully secured?

CISA warned U.S. organizations to follow Microsoft guidance to strengthen the Intune endpoint management tool after a cyberattack exploited it to wipe medical technology giant Stryker's systems.