
Today is Wednesday, July 1, 2026. Here is the 5 PM technology recap from The IT Guys: identity attacks are still the biggest practical risk for Microsoft 365 tenants, Oracle E-Business Suite administrators have a serious exposure problem to verify, Adobe pushed urgent server-side fixes, DHS confirmed a breach of a sensitive collaboration platform, and the AI buildout continues to pull major money into power infrastructure.
This recap is written for home users, small offices, and local businesses that need the plain-English version: what changed today, what matters, what can wait, and what should be checked before the weekend.
Listen to the quick podcast version
The audio player near the top of this post uses a locally generated voice file made with espeak-ng and ffmpeg. No OpenAI voice service was used.
1. Microsoft 365 password-spray campaign shows why MFA rules need a second look
The most immediately useful security story today is a large password-spraying campaign against Microsoft 365 environments. BleepingComputer reported that attackers generated more than 81 million login attempts over a two-week period by targeting Microsoft Azure CLI authentication. SecurityWeek’s summary says Huntress observed compromises of 78 accounts across 64 organizations, with attackers using old username/password combinations exposed in prior breaches.
The practical issue is not just the scale. The reporting says the campaign abused authentication paths that can still be present even when an organization thinks it has Conditional Access policies in place. This is exactly why “we turned on MFA” is not the same thing as “we reviewed every sign-in method and blocked legacy or risky flows.”
Good news
- This is detectable. Microsoft 365 sign-in logs, failed-login spikes, unfamiliar IPv6 ranges, and unusual Azure CLI sign-ins can all give defenders a trail.
- The main fixes are not exotic: stronger MFA enforcement, blocking risky legacy flows, disabling unused accounts, and reviewing Conditional Access gaps.
Bad news
- Password spraying works because attackers do not need every password. They only need one weak, reused, or previously breached password that still opens a useful account.
- Small businesses often inherit old Microsoft 365 settings from rushed migrations, former vendors, or temporary accounts that were never removed.
What to do today
- Check Microsoft Entra ID sign-in logs for repeated failures, Azure CLI sign-ins, unfamiliar locations, and successful logins after many failures.
- Require phishing-resistant MFA where possible, especially for admins, finance users, and anyone with mailbox delegation rights.
- Disable or reset stale accounts, shared accounts, and old vendor accounts.
- Review Microsoft’s password-spray response guidance in its incident response playbook.
Related local checklist: run a password health check and make sure remote support access is handled safely with clear verification steps.
2. Oracle E-Business Suite exposure is still active and serious
BleepingComputer reported today that more than 900 Oracle E-Business Suite instances were found exposed online while attacks continue against a critical Oracle Payments flaw, tracked as CVE-2026-46817. The vulnerability is in the File Transmission component and can allow unauthenticated takeover of vulnerable systems over HTTP. Oracle patched the issue in its May 2026 Critical Patch Update, but exposed systems are still being found.
This is not a typical home-user story, but it matters locally because many small and midsize companies depend on outside accounting, payroll, logistics, healthcare, or manufacturing vendors that run big enterprise systems. When those systems are exposed, the downstream impact can show up as payment delays, vendor portal outages, invoice fraud, or breach notifications weeks later.
Customer impact
- If your organization runs Oracle E-Business Suite, this is a patch-and-exposure verification item, not a “read later” item.
- If you are a customer of a vendor that uses Oracle portals, watch for unusual payment-change requests, new banking instructions, and unexpected file-transfer notices.
- Finance teams should verify vendor payment changes by phone using a known number, not a phone number supplied in a fresh email.
Related local checklist: verify payment changes before paying an invoice.
3. Adobe patches maximum-severity ColdFusion and Campaign Classic flaws
Adobe released security fixes for multiple severe vulnerabilities affecting ColdFusion and Campaign Classic, including seven maximum-severity issues. SecurityWeek noted that the defects could lead to arbitrary code execution, and Adobe marked them as higher-priority fixes because exploitation risk is meaningful.
ColdFusion is old enough that some businesses forget they still have it. That is the dangerous part. A forgotten web app in a corner of the company can still hold customer forms, employee uploads, marketing data, or internal automation hooks.
What to check
- Ask whether any website, intranet, form system, or vendor-hosted application still uses Adobe ColdFusion.
- Check external-facing servers first. Internet-facing ColdFusion should be inventoried, patched, and protected behind modern access controls.
- If Campaign Classic is in use, coordinate patching with marketing operations so campaigns do not hide a server-side security gap.
4. DHS confirms breach of HSIN information-sharing platform
DHS confirmed to BleepingComputer that hackers breached the Homeland Security Information Network, a sensitive information-sharing platform used by government and private-sector partners. DHS said classified systems were not affected, but the incident is still a reminder that collaboration platforms need the same security discipline as email and file storage.
The takeaway for small organizations is not “panic about federal systems.” It is that shared portals, SharePoint sites, project workspaces, and customer extranets often become soft targets because everyone treats them as convenience tools instead of business-critical systems.
Small-business takeaway
- Review who has access to shared cloud workspaces at least quarterly.
- Remove old vendors, former employees, one-time guests, and expired project accounts.
- Use separate admin accounts for administration instead of daily email accounts.
Related local checklist: review connected apps and permissions.
5. FTC/Amazon identity-theft settlement is a useful reminder for fraud victims
The Federal Trade Commission announced this week that Amazon will pay $2.25 million to resolve allegations that it failed to provide identity-theft victims with transaction records they were entitled to under the Fair Credit Reporting Act. The Verge summarized the consumer side of the case: victims were allegedly blocked from getting records about fraudulent transactions made with their personal information.
This is good news for consumers because it reinforces a simple point: if someone uses your identity to open or abuse an account, documentation matters. Police reports, FTC IdentityTheft.gov reports, card disputes, and written requests to merchants can all become part of the recovery trail.
What home users should keep
- Screenshots of fraudulent orders, emails, texts, and account notices.
- Case numbers from banks, card issuers, retailers, and IdentityTheft.gov.
- A list of every account where passwords, recovery email addresses, or MFA settings were changed after the incident.
6. AI infrastructure keeps pulling money into power and data centers
On the “good but complicated” side of the ledger, Brookfield and Bloom Energy expanded their AI infrastructure partnership to $25 billion, according to the company announcement carried by FT Markets and follow-up market coverage from Yahoo Finance. The goal is to finance onsite power systems for AI data-center demand.
The positive side is faster deployment of power for data centers, which can help support AI services, cloud capacity, and business automation. The caution is that every AI feature still has a physical footprint: power, cooling, hardware, networking, and long-term operating cost. For small businesses, that means AI tools should be judged like any other technology purchase: what problem does it solve, what data does it touch, what does it cost after the trial, and what happens if the vendor changes terms?
Jennifer’s 5 PM practical checklist
- Microsoft 365 admins: check for password-spray indicators and risky Azure CLI sign-ins.
- Business owners: make sure every admin account has strong MFA and that old employee/vendor accounts are gone.
- Server owners: patch Adobe ColdFusion/Campaign Classic and verify whether Oracle E-Business Suite is exposed.
- Finance teams: verify vendor payment changes through a known trusted channel.
- Home users: keep identity-theft records organized and do not rely on memory during fraud recovery.
- Everyone: treat cloud-sharing spaces like real systems, not temporary folders.
Bottom line
The biggest theme today is identity and exposure. Attackers are still getting mileage from old passwords, old settings, forgotten servers, and shared workspaces that nobody owns anymore. The most useful work this week is not buying a new security product. It is checking accounts, patch levels, permissions, backups, and payment-change procedures before a routine gap turns into a business interruption.