
Jennifer’s 5 PM take for Monday, July 6, 2026: yesterday’s tech news had a very practical theme for home users and small businesses: the scams are getting more believable, developer and server tooling still needs fast patching, AI is changing real jobs and real security decisions, and privacy settings are drifting toward more data collection unless people check them. The good news is that several of the biggest items have clear action steps. The bad news is that the action steps only work if somebody owns them before there is a lockout, breach, or rushed employee request.
This recap is written for customers who do not have time to chase every headline but still need to know what should change on their computers, cloud accounts, phones, and business systems.
In This Recap
- Fake job interview phishing is stealing Google accounts
- Fake Microsoft Teams IT support calls are pushing malware
- Adobe ColdFusion exploitation moved from patch note to active risk
- Gitea Docker probes show how quickly attackers chase DevOps flaws
- AI-assisted ransomware still needs human direction, but the risk is real
- Google AI privacy settings are worth checking
- Microsoft layoffs show how AI is changing work, even when it is not a simple replacement story
- WhatsApp usernames could help people share contact info with less phone-number exposure
Bad News: Fake Job Interviews Are Being Used To Steal Google Accounts
BleepingComputer reported on July 6 that a phishing campaign is impersonating more than 30 well-known brands in fake job interviews, including names such as Adobe, Netflix, Coca-Cola, and OpenAI. The campaign targets marketing professionals and tries to steal Google account credentials.
That is dangerous because a Google account is often more than email. It can hold password-reset access, Drive files, business documents, calendars, browser sync data, YouTube channels, ad accounts, analytics access, and saved recovery methods. For a small business, one compromised Google Workspace account can become the doorway into customer files, invoices, domain administration, and other cloud systems.
Good Points
- The scam has a recognizable pattern: unsolicited recruiting, urgent interview steps, brand-name impersonation, and account sign-in pressure.
- Passkeys, security keys, and strong MFA can make stolen passwords less useful.
- Businesses can reduce risk by separating personal Gmail from business Google Workspace access.
Bad Points
- Job seekers are already under pressure, so fake interview flows can feel believable.
- Marketing, sales, and finance users often have access to valuable cloud files and customer data.
- If a personal Google account is reused for business recovery, the business inherits that personal-account risk.
What to do: do not sign in from links sent in a recruiting chat or email. Go directly to the company’s official careers site. If a recruiter asks for Google access, OAuth permission, a Chrome extension, or a download before a normal interview process, slow down and verify through a separate channel. For businesses, review who has access to Google Workspace, YouTube, Ads, Analytics, Search Console, and shared Drive folders.
Bad News: Fake Microsoft Teams IT Support Calls Are Pushing EtherRAT
Another July 6 BleepingComputer report warned that attackers are abusing Microsoft Teams voice calls by pretending to be corporate IT support and pushing victims toward malware installation. The malware named in the report is EtherRAT, and the goal is initial access into corporate networks.
This is the kind of attack that works because it sounds operational. A user gets a Teams call, the caller claims there is a computer issue, and the user is walked into installing a tool, running a command, approving remote access, or bypassing their normal caution because the person sounds like “IT.”
Small-business takeaway: your employees need a simple rule: IT support should be verified before remote-control tools, downloads, device enrollment, or MFA prompts are approved. That rule needs to be written down and easy to follow, not buried in a handbook nobody reads.
A practical verification rule
- Use a known support number, ticket portal, or named internal contact before accepting remote help.
- Do not install software from a Teams call, chat message, or screen-share link without verifying the request.
- If someone says “this is urgent, do it now,” treat that as a reason to slow down.
- Admins should review Teams external access, guest access, and meeting/calling policies.
This also connects directly to our earlier The IT Guys advice on verifying remote support before letting anyone into a computer. The channel changes, but the rule stays the same: verify the helper before you give them control.
Bad News: Adobe ColdFusion Exploitation Is Now Being Reported
BleepingComputer also reported that attackers are exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, citing vulnerability intelligence reporting. ColdFusion is not installed on most home computers, but the businesses that use it often run important web applications, portals, forms, or internal systems.
The customer-facing lesson is simple: old web platforms do not stop being business-critical just because nobody talks about them every day. If your website, customer form, intranet, or vendor portal depends on ColdFusion, PHP, WordPress, Drupal, Java, .NET, or another server stack, it needs a patch owner and a backup plan.
What affected organizations should check
- Which ColdFusion versions are installed and whether Adobe’s current security updates are applied.
- Whether the server is internet-facing or restricted behind a VPN, firewall, or access proxy.
- Whether logs show unexpected uploads, suspicious requests, new admin users, or web shell behavior.
- Whether the application can be restored from a known-good backup if compromise is suspected.
Home-user angle: if you are just a customer of a site that uses ColdFusion, you may not see the server technology at all. The practical move is to use unique passwords and MFA so a breach at one provider does not become a breach everywhere else.
Bad News: Attackers Are Already Probing A Gitea Docker Flaw
The Hacker News reported on July 6 that attackers were probing a recently patched critical flaw in Gitea Docker images, tracked as CVE-2026-20896, about 13 days after disclosure. Gitea is a self-hosted Git service. It is common in developer, homelab, DevOps, MSP, and small engineering environments.
This matters because source-code platforms are high-value targets. A compromised Git server can expose application source code, deployment scripts, secrets accidentally committed to repositories, CI/CD tokens, documentation, and internal project history.
Good Points
- The issue is identified and patches exist.
- Docker-based deployments can usually be inventoried and updated cleanly if the environment is documented.
- Small teams can reduce exposure quickly by limiting public access to admin and Git services.
Bad Points
- Attackers are moving quickly after disclosure.
- Self-hosted development tools are easy to forget once they “just work.”
- Secrets in repositories can turn a Git compromise into a cloud or server compromise.
What to do: update affected Gitea containers, review exposed ports, confirm backups, rotate any secrets that may have been stored in repositories, and check authentication logs. If you are using a self-hosted Git server for business work, put it on the same maintenance list as firewalls, backup systems, remote access, and email.
Mixed News: AI-Assisted Ransomware Is Real, But It Is Not Magic
TechCrunch covered new detail around a reported AI-run ransomware case and made an important point: the technical execution may have involved an AI agent, but a human still played a role. That distinction matters. The risk is serious, but businesses should not treat “AI ransomware” as science fiction that has no practical defenses.
The defenses still look familiar: patch exposed systems, require MFA, remove stale admin access, keep offline or immutable backups, monitor for unusual sign-ins, and segment important systems so one stolen credential does not reach everything.
Where AI changes the conversation: AI can speed up scanning, scripting, phishing text, lateral-movement attempts, and adaptation during an attack. That means slow patching and weak account hygiene become more expensive. It also means incident-response plans need to be realistic: know who can shut down access, who can restore backups, and who can contact customers or vendors if data is involved.
Privacy Check: Google AI Data Settings Are Worth Reviewing
TechCrunch published a July 6 privacy guide warning that Google users should check settings related to uploaded media and AI model improvement. The exact settings and wording can change, so the practical advice is to go directly into your Google account controls rather than relying on an old screenshot.
For home users, this is about personal privacy. For businesses, it is also about data handling. Staff may upload screenshots, documents, photos, audio, or files while using search, AI helpers, browser tools, or mobile apps. If those uploads include customer information, invoices, credentials, contracts, health information, or legal documents, the business needs rules.
What to review
- Google account activity controls and AI personalization settings.
- Whether employees are using personal Google accounts for business files.
- Browser sync settings on shared or former-employee devices.
- Which AI tools are approved for customer or company data.
Simple policy: do not upload customer files, passwords, contracts, employee records, or private screenshots into consumer AI tools unless your business has approved the tool and understands the data terms.
Workforce News: Microsoft Layoffs Show AI Is Changing Workflows
TechCrunch reported on July 6 that Microsoft eliminated about 4,800 roles, around 2.1 percent of its global workforce. The report said Microsoft described the roles as not simply being replaced by AI, while also acknowledging that AI is changing how work gets done and automating everyday tasks.
This matters for small businesses because the same shift is coming at a smaller scale. The issue is not “replace everyone with AI.” The better question is: which repeated tasks should be automated, which decisions still need a human, and what controls prevent sensitive data from leaking into tools nobody approved?
Good Points
- AI can reduce repetitive drafting, summarizing, ticket triage, spreadsheet cleanup, and basic documentation work.
- Small teams can get more organized if they pair automation with clear review steps.
- Employees can become more effective when tools are introduced with training instead of panic.
Bad Points
- Unmanaged AI use can expose private business data.
- Automation can create errors faster if nobody reviews the output.
- Workforce changes create security risk when account offboarding, device returns, and shared-password cleanup are rushed.
Business move: create a short AI-use policy now. It should say which tools are approved, what data cannot be pasted into them, who reviews important output, and how AI-generated work is labeled or checked.
Good News: WhatsApp Usernames Could Reduce Phone-Number Sharing
TechCrunch also covered WhatsApp username reservation. The practical value is privacy: usernames can let people share a contact path without handing out a phone number in every situation.
This will not replace normal business phone systems, but it may help sole proprietors, sales teams, community groups, and customer-facing staff reduce casual phone-number exposure. The caution is that usernames can also create impersonation risk, so businesses should reserve obvious names early, publish official contact details in one place, and warn customers not to trust random payment or support requests sent from lookalike names.
Local IT Checklist For July 6
- Recruiting and HR: warn job seekers and hiring staff about fake interview links and Google account theft.
- Microsoft 365 and Teams: remind users that real IT support should be verified before downloads, remote control, or MFA approvals.
- Servers: patch ColdFusion and Gitea if you run them, and review logs for suspicious activity.
- Backups: confirm that important business systems can be restored without needing the same compromised account.
- AI tools: write down what data employees may and may not paste into AI systems.
- Google accounts: review account activity, AI/data settings, recovery methods, passkeys, and backup codes.
- WhatsApp: reserve business-relevant usernames when available and publish official contact guidance.
Related Reading From The IT Guys
- Quick Tech Tip: Add Passkeys, But Save Your Backup Codes First
- Quick Tech Tip: Verify Before Allowing Remote Support
- Samsung, SK hynix, and Micron Sued Over Alleged DRAM Price Fixing
- Quick Tech Tip: Make A One-Page Tech Emergency Sheet Before Something Breaks
Sources
- BleepingComputer: Phishing poses as big-brand job interview to steal Google accounts
- BleepingComputer: Fake IT support calls on Microsoft Teams push EtherRAT malware
- BleepingComputer: Adobe ColdFusion flaw exploited in attacks
- The Hacker News: Threat actors probe Gitea Docker flaw CVE-2026-20896
- TechCrunch: The first AI-run ransomware attack still needed a human
- TechCrunch: Google AI data settings and opt-out guidance
- TechCrunch: Major tech layoffs in 2026 where employers cited AI
- TechCrunch: WhatsApp username reservation guidance
- CISA Known Exploited Vulnerabilities catalog
- Microsoft Security Response Center: CVE-2026-45659