The clock is ticking for Windows 10 users. Microsoft has confirmed that October 14 marks the official end of security updates for the world’s most widely used operating system. After that date, more than 600 million PCs will no longer receive critical protections against new cyberthreats.

Why This Matters

Running an unsupported operating system is like leaving your front door unlocked. Without Microsoft’s regular patching, every new vulnerability becomes an open invitation for hackers. ESET security specialist Jake Moore warns, “Out-of-date operating systems can be left vulnerable to attack as criminals will look for any vulnerabilities that aren’t patched and target people’s data.”

Your Upgrade Options

• Move to Windows 11: Microsoft strongly recommends upgrading to Windows 11 if your hardware supports it.
• Extended Security Updates (ESU): If your PC can’t run Windows 11 and you aren’t ready to replace it, check Windows Update for an “Enroll Now” button. By saving your PC settings to OneDrive, you can receive a free 12-month ESU, buying you time to plan your next move.
• Flyby11 Workaround (Advanced Users): A community tool nicknamed Flyby11 can sometimes install Windows 11 on unsupported hardware. However, it requires technical know-how and isn’t officially endorsed by Microsoft.

Act Before the Deadline

If you intend to stay on Windows 10—even temporarily—make sure you enroll in the ESU by October 13. After October 14, your system will no longer receive vital security patches.

Bottom line: Don’t ignore the countdown. Whether you upgrade, enroll for extended updates, or replace your machine, take action now to keep your data safe once Windows 10 reaches end of life.

Protecting client information isn’t just good practice—it’s critical to your reputation and your bottom line. Yet one of the most common ways cybercriminals gain access to sensitive data is through poorly configured email settings. For small businesses, a single oversight can mean a costly breach, legal trouble, and lost customer trust. Here’s how to lock down your email before hackers can get a foot in the door.

1. Enforce Strong Passwords and MFA

Make it policy that every mailbox uses a strong, unique password and enable multi-factor authentication (MFA) across all email accounts. MFA adds a second layer of security—so even if a password is stolen, an attacker can’t log in without the extra verification.

2. Turn On Email Encryption

Enable end-to-end encryption or at least TLS encryption to protect emails in transit. This ensures that if messages are intercepted, the contents remain unreadable to outsiders.

3. Set Up SPF, DKIM, and DMARC

These three protocols verify that emails really come from your domain and help block spoofing:

• SPF (Sender Policy Framework) lists which servers are allowed to send mail for your domain.
• DKIM (DomainKeys Identified Mail) digitally signs messages to prove authenticity.
• DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together and tells email servers how to handle suspicious messages.

4. Limit Forwarding and Auto-Forward Rules

Hackers love to create hidden forwarding rules that secretly send all incoming mail to them. Regularly review and disable unnecessary forwarding in your email admin panel.

5. Audit User Access

Remove old accounts promptly when employees leave. Limit admin rights to only those who truly need them, and review permissions at least quarterly.

6. Activate Spam and Phishing Filters

Ensure advanced filtering is turned on to block malicious attachments and links before they reach inboxes. Most business email platforms like Microsoft 365 and Google Workspace have robust filtering—just make sure it’s configured correctly.

7. Monitor and Train

Technology is vital, but people are the first line of defense. Provide regular phishing-awareness training and monitor for unusual login activity or large outbound email bursts.

The Bottom Line
Email is still the backbone of small-business communication—and a prime target for cybercriminals. By tightening these settings today, you’ll dramatically reduce your risk of exposing client data and keep your business reputation intact. Don’t wait for a breach to find out where the gaps are—secure your email now.

Scammers are finding new ways to trick people, and the latest warning from Apple shows just how sneaky they can be. Attackers are now using iCloud Calendar invites to send fake emails that look like they’re coming straight from Apple. Since the emails come from Apple’s real servers, they can easily slip past spam filters and land in your inbox.

How the Scam Works

Here’s what happens: you get a calendar invite that looks official, maybe saying your PayPal account was charged $599. Inside the invite, there’s a phone number to call if you want to dispute the payment.

If you call, the scammer on the other end will try to convince you that your account has been hacked. They may pressure you into downloading software, sharing your passwords, or even moving money into their account.

Because the message comes from a real Apple email address (like noreply@email.apple.com), it looks legitimate—and that’s what makes this scam so dangerous.

Why It’s Tricky

Most of us are used to being careful with email links. But a calendar invite feels less suspicious. Scammers know this and are taking advantage of it. By hiding their tricks in calendar invites, they make people let their guard down.

How to Protect Yourself

You don’t need to panic—just be cautious. Here are a few easy steps to keep yourself safe:

• Don’t trust unexpected invites. If you didn’t expect it, be suspicious.
• Think twice before calling numbers in emails or invites. Instead, log into your account (PayPal, Apple, etc.) directly through the app or website to check for charges.
• Turn off auto-accept invites. This keeps sketchy invites from landing right in your calendar.
• Slow down if you feel pressured. Scammers often create fake urgency to push you into acting quickly.
• Use two-factor authentication (2FA). This adds an extra lock on your accounts in case someone gets your password.

Stay Alert

Scammers are always looking for new ways to trick people, and this is just the latest example. If something feels off—even if it looks like it came from Apple—take a step back. Verify it through an official app or website before taking any action.

By staying cautious, you can avoid getting caught in these scams and keep your accounts (and your money) safe.

On September 9, 2025, Microsoft is rolling out its September Patch Tuesday update for Windows 11. This update, like most monthly releases, delivers the usual security fixes and performance improvements—but it also comes packed with fresh features, design changes, and app updates.

While not everyone will see all the new features immediately—since Microsoft rolls them out gradually—there’s plenty to look forward to. Some enhancements also depend on hardware or region, so availability may vary. Here’s a breakdown of the biggest changes coming with this month’s update.

1. Redesigned Homepage for the Recall App

The Recall app now has a brand-new homepage that makes it easier to jump back into your recent activities and top content. A new navigation page, similar to the Microsoft Store, lets you quickly access your timeline, interact with snapshots, and use the Click to Do feature.

2. Click to Do Gets an Interactive Tutorial

If you’re new to Click to Do, you’ll now be greeted with a helpful interactive tutorial complete with text and images. It appears automatically the first time you launch the app but can also be found in the app menu for later reference.

3. Clock with Seconds in Notification Center

A throwback to Windows 10: Windows 11’s Notification Center can now display the clock with seconds. This option isn’t enabled by default, but you can turn it on under:
Settings > Time & language > Date & time.

4. Search Improvements: Grid View for Photos

Windows Search now displays photo results in a grid view, making it easier to browse through images. If indexing isn’t complete, you’ll also see a notification explaining why your search results may be limited.

5. Redesigned Widgets Board and Lock Screen Controls

The Widgets board is getting a cleaner design, with a new left-hand pane for easier navigation. Microsoft is also rolling out support for multiple dashboards via the Microsoft Store—though for now, this is only available in Europe.

Other changes include:

• A “Discover” feed with Copilot-curated stories, customizable in Personalization settings.
• Expanded widget controls for the Lock Screen, available worldwide. Users can toggle widgets on or off, customize them, or let Windows automatically suggest four random widgets.

6. Windows Hello Redesign

Windows Hello, the authentication feature, has received a visual overhaul. Expect new elements, animations, and icons that better indicate the type of login method you’re using—whether it’s a passkey, Recall, or Microsoft Store login.

7. Settings App Upgrades

The Settings app continues to evolve with a few big updates:

• AI Agent Expansion: Previously limited to Snapdragon-powered Copilot+ PCs, the AI agent in Settings now works on Intel and AMD AI processors. It helps you quickly find and change system settings using natural language.
• New Dialog Designs: Activation and expiration dialogs now match the Windows 11 style. Privacy-related permission prompts (camera, mic, location, etc.) now dim the background to emphasize importance.

8. Task Manager with Improved CPU Metrics

Task Manager now reports processor usage using industry-standard CPU metrics. For those who prefer the older metrics, the “CPU Utility” column can be enabled in the Details tab.

9. Windows Backup for Organizations

Commercial customers are now getting Windows Backup for Organizations—the enterprise-grade version of the consumer app—offering seamless backup and restore across devices.

10. File Explorer Refinements

Small but noticeable improvements arrive for File Explorer, including:

• Dividers in context menus for better organization.
• A people icon in the “Activity” and “Recommended” sections on the Home page. Hovering over the icon shows a Microsoft 365 Live Personal Card if signed in with a work or school account.

What Didn’t Make It This Month

While this update is packed, Microsoft also confirmed that some features were delayed:

• A new “Your Device Info” card in Settings Home that shows system specs.
• More Control Panel migrations to Settings, including additional clocks, time servers, and date/time format options.

Other features, such as regional format updates, Unicode UTF-8 support, and copying user settings, are still in preview and may appear in upcoming cumulative updates.

Final Thoughts

The September 2025 Patch Tuesday update isn’t just about fixing vulnerabilities—it brings a fresh coat of paint and new functionality to Windows 11. From a more intuitive Recall app to improved Windows Hello visuals and expanded AI integration in Settings, this release shows Microsoft’s ongoing push to refine the user experience.

If you don’t see these changes right away, don’t worry—Microsoft’s gradual rollout means it may take a few weeks before they land on your device.

What would you do if you woke up to find your life savings drained?

The FBI recently issued a new warning about a dangerous scheme called the “Phantom Hacker” scam, which has already stolen over $1 billion since last year. The majority of victims? Seniors and people nearing retirement who thought they were protecting their money.

How the Scam Tricks You Step by Step

Step 1: The Fake Tech Support Call

It starts with a phone call, email, or pop-up from someone claiming to be “tech support.” They sound professional and tell you to download a program so they can check your computer. Once you do, they can everything—including your bank accounts.

Step 2: The “Bank” Steps In

Not long after, you’ll get another call—this time from someone pretending to be from your bank’s fraud department. They’ll claim your account has been hacked by criminals overseas and convince you to move your money somewhere “safe.”

Step 3: The “Government” Gets Involved

Finally, a scammer posing as the Federal Reserve or another government agency calls or even mails you an official-looking letter. Their goal is to make the whole scheme feel completely legitimate. By now, many victims believe they’re protecting their money—when in reality, it’s being drained away.

Why People Fall for It

These scams work because they feel personal. Criminals often use social media to learn about your hobbies or big life moments—like posting about your love for classic cars or a recent retirement. With AI, they can craft messages that sound tailor-made for you. That extra touch makes it much harder to spot the scam.

How to Protect Yourself (and Your Loved Ones)

The good news? A few simple habits can protect you:

• Never give remote access to your computer unless you contacted the company yourself.
• Don’t move money just because someone tells you to over the phone. Banks and government agencies will never ask you to do this.
• Hang up and call back using a trusted number. Look at your bank statement or the back of your card—not the number given to you by the caller.
• Talk to someone you trust. If something feels urgent or secretive, that’s a red flag. A quick chat with a friend, family member, or your bank could save you from losing everything.

What to Do If You Suspect a Scam

If you think you’ve been targeted:

• Report it at tips.fbi.gov or through the FBI’s Internet Crime Complaint Center (IC3).
• Call your bank immediately to alert them.
• Share your experience—talking about it helps others avoid becoming the next victim.

The Bottom Line

The Phantom Hacker scam is sneaky, convincing, and devastating—but you don’t have to fall for it. Stay cautious, trust your instincts, and share this warning with loved ones, especially older family members who might be at risk.

A little awareness today could protect a lifetime of savings tomorrow.

You may have seen the headlines: a major Chinese-backed hacking group, known as Salt Typhoon, has been caught breaking into networks across the world. While this sounds like something only governments and large corporations should worry about, the truth is that everyday users are also part of the picture.

Here’s what you need to know, and what you can do to stay safe.

What’s Happening?

Salt Typhoon first became known for attacking telecommunications companies—the systems that keep our phones, internet, and messages connected. But a new alert from cybersecurity agencies across the U.S. and around the globe shows that their activity goes much further.

They are now targeting:

• Government networks
• Transportation systems
• Hotels and lodging companies
• Military organizations

Why those industries? Because they collect valuable details about where people are, who they’re talking to, and what they’re doing. Think travel records, hotel stays, phone calls, and more—all data that can be pieced together for surveillance.

Why It Matters to You

Even if you don’t work in telecom or government, attacks like this affect everyone. Hackers often take the easiest way into a system, and that can mean going through individual users.

For example:

• Clicking on a malicious link at work can give attackers a foothold into your company’s network.
• Using weak or repeated passwords makes it easier for hackers to spread their reach.
• Not updating your devices can leave open doors that attackers already know how to exploit.

How You Can Protect Yourself

While this campaign sounds big and distant, small steps by end users make a huge difference. Here’s what you can do right now:

🔒 Use strong, unique passwords
Don’t reuse the same password across accounts. A password manager can help keep track of them securely.

📱 Enable multi-factor authentication (MFA)
Even if hackers steal your password, MFA (like a text code or app prompt) can block them.

🔄 Keep your devices updated
Whether it’s your phone, laptop, or router, always install updates. Hackers target known weaknesses that updates fix.

📧 Stay alert for phishing attempts
Don’t click suspicious links or attachments. If an email feels off—even if it looks like it’s from your boss or a company you trust—verify it before responding.

🌐 Be careful on public Wi-Fi
Use a VPN, when possible, especially if accessing work accounts or sensitive information on hotel or airport Wi-Fi.

The Bottom Line

Salt Typhoon is a reminder that cyber threats aren’t just about big organizations and governments. Every person is a potential doorway into larger systems. By taking simple precautions, you help protect not only yourself but also your workplace, community, and even national security.

Staying safe online is a shared responsibility—and your vigilance is part of the defense.

The internet has never been completely safe, but recent research from Guardio suggests a new wave of risks that could make online life even more treacherous. AI-powered browsers—tools designed to handle tasks like shopping, reading, and even managing emails for you—are convenient, yes, but they also open the door to new types of attacks that many of us aren’t prepared for.

AI Browsers: The Future of Convenience… or Risk?

Imagine a browser that doesn’t just help you search—it acts on your behalf. Need to buy a new gadget or pay a bill? The AI can do it all. Sounds amazing, right? But Guardio’s research shows that this convenience comes at a steep price. When AI acts automatically, it can make mistakes that no human would, and scammers are already taking notice.

Test 1: How an AI Bought a Fake Apple Watch

To test the risks, Guardio set up a fake Walmart store. It looked real—clean design, realistic product listings, even a checkout flow that could fool most casual shoppers.

When instructed to buy an Apple Watch, the AI didn’t hesitate. It added the watch to the cart, autofilled saved personal and credit card information, and “completed” the purchase in seconds. No confirmation. No warnings. Just a transaction that, if it were real, would have cost real money.

The takeaway? AI can be fooled surprisingly easily—and when that happens, there’s no safety net.

Test 2: Phishing Pages and AI Vulnerability

In another experiment, Guardio sent the AI to a fake Wells Fargo login page through a phishing email. Once again, the AI treated the site as legitimate, helping to fill in credentials.

It’s a clear example of how AI doesn’t automatically protect you. Even sites designed to trick humans can mislead AI, putting sensitive information at risk.

Test 3: Hidden Prompt Injections

Guardio also explored a new type of attack called prompt injection. In one test, malicious instructions were hidden inside a Captcha popup. The AI ignored what the human could see and followed the hidden instructions instead.

This is a perfect illustration of the new “AI-vs-AI” threat: scammers can trick AI with clever manipulations, scaling attacks far more efficiently than before.

Why This Isn’t Just a Tech Problem

We often rely on tools like Google Safe Browsing to protect us. But Guardio found that even phishing pages were active for days without being flagged. The problem isn’t just human error—it’s that our defenses haven’t caught up to AI’s new role online.

In an AI-vs-AI world, attackers only need to break one AI system. Once they succeed, the same exploit can be repeated endlessly. The stakes are higher than ever.

How to Protect Yourself

If you’re using AI agents, Guardio’s advice is simple but critical:

• Limit AI autonomy: Don’t allow agents to access saved passwords or autofill credit card information
• Enhance browser security: Turn on Enhanced Protection, or switch to a more secure browser
• Stay alert: Treat AI-driven actions with caution and never assume they are automatically safe

The Bottom Line

AI browsers are powerful, but convenience comes at a cost. Guardio’s research is a stark reminder that the internet we trust may not be as safe as we think—especially when AI is acting on our behalf. Before giving your AI agent free rein, it’s worth asking: are you ready to trust it with your security and finances?

Hurricane season brings more than heavy rain and strong winds—it also poses serious risks to your data and technology. Power outages, flooding, and physical damage can disrupt operations, cause data loss, and even put sensitive information at risk. Being proactive can save you time, money, and stress when storms hit. Here’s how to safeguard your digital life during hurricane season.

1. Backup Your Data Regularly

Data loss is one of the most common consequences of severe weather. Ensure you have multiple backups of critical files:

• Cloud backups: Services like OneDrive, Google Drive, or Dropbox keep your data safe offsite.
• Physical backups: External hard drives or network-attached storage (NAS) devices provide an extra layer of protection. Keep them in waterproof containers if flooding is possible.
• Automatic backups: Schedule regular automatic backups so you don’t have to remember to do it manually.

2. Protect Your Devices from Power Surges

Hurricanes often cause power fluctuations that can fry electronics. Protect your devices by:

• Using surge protectors: High-quality surge protectors shield computers, routers, and TVs from voltage spikes.
• Unplugging devices: If a storm is approaching, disconnect devices to prevent damage.
• Investing in a UPS (Uninterruptible Power Supply): A UPS provides temporary power during outages and protects against surges, giving you time to safely shut down systems.

3. Secure Your Network

Internet and network access are crucial for remote work and emergency communications. Protect your network by:

• Backing up routers and modems: Store your ISP’s equipment safely and keep a record of settings.
• Using mobile hotspots: Have a backup internet source if your primary connection goes down.
• Strengthening cybersecurity: Storms can create opportunities for cyberattacks; keep antivirus software up to date and ensure firewalls are active.

4. Protect Physical Equipment

Water and wind can destroy hardware in minutes. Take steps to secure your equipment:

• Elevate electronics: Place computers, servers, and routers on shelves or high surfaces to avoid flood damage.
• Waterproof cases: Use waterproof storage for critical hardware and sensitive documents.
• Move devices to safe locations: If possible, relocate laptops, servers, and other electronics to higher floors or interior rooms.

5. Create a Disaster Recovery Plan

Being prepared means having a clear plan for restoring systems after a storm.

• Identify critical systems: Know which applications, servers, and files must be restored first.
• Document procedures: Include instructions for accessing backups, reinstalling software, and reconnecting networks.
• Test your plan: Run drills to ensure your team knows what to do and systems can be restored quickly.

6. Consider Cloud-Based Solutions

Cloud platforms offer additional protection when physical systems are compromised. Moving critical services to the cloud can:

• Reduce downtime
• Allow remote access to data and applications
• Eliminate dependency on on-site hardware

7. Communicate and Stay Informed

• Emergency notifications: Sign up for alerts from local authorities.
• Team coordination: Ensure employees know how to access systems and communicate during outages.
• Insurance coverage: Review your insurance policies for coverage on electronics and data loss.

Conclusion
Hurricane season is unpredictable, but the impact on your data and technology doesn’t have to be. By backing up data, protecting hardware, securing networks, and having a recovery plan in place, you can weather the storm with confidence. Being prepared today ensures that when the winds blow and the rains fall, your digital life stays safe and your business keeps running smoothly.

While AI might sound like a luxury reserved for big corporations, affordable and easy-to-use AI tools are now helping nonprofits work smarter, not harder. Here’s how your organization can use AI to boost both donations and engagement—without losing the human touch that makes your mission unique.

1. Personalizing Donor Outreach

Generic mass emails rarely inspire action. AI tools can analyze donor history, giving patterns, and interests to segment your audience automatically. That means you can send tailored messages—like a thank-you email highlighting a program the donor cares about most, or a donation appeal timed to when they’re most likely to give.
Why it matters: Personalized communication can increase open rates, engagement, and donation amounts.

2. Predicting Donor Behavior

Some donors are more likely to give again than others—but how can you tell? AI-powered analytics can predict which supporters are at risk of disengaging and which are likely to respond to a campaign.
Why it matters: Proactive engagement helps maintain and grow your donor base over time.

3. Automating Time-Consuming Tasks

From drafting emails to summarizing meeting notes, AI can automate the repetitive administrative work that often pulls staff away from mission-driven activities. Imagine cutting the time spent writing a newsletter in half so your team can focus on community outreach instead.
Why it matters: More time for what matters most—your mission.

4. Creating Engaging Content

AI tools can help generate ideas, draft blog posts, and even suggest social media captions designed to resonate with your audience. You can quickly produce multiple variations and test which messaging gets the most clicks, shares, and donations.
Why it matters: Stronger storytelling builds deeper emotional connections with supporters.

5. Enhancing Fundraising Campaigns

AI-powered platforms can analyze past campaign performance to recommend the best times to launch, optimal donation amounts to suggest, and even the types of images or videos that perform best with your audience.
Why it matters: Data-backed decisions lead to higher returns on every campaign.

6. Supporting Volunteers and Staff

AI chatbots can answer common questions from volunteers, guide them through onboarding, or help them find the right opportunities to serve. This frees staff from answering repetitive inquiries and keeps volunteers engaged and informed.
Why it matters: Happy, well-supported volunteers are more likely to stay involved.

Important Note: Keep AI Human-Centered

While AI can improve efficiency and effectiveness, it’s not a replacement for the relationships that make nonprofit work meaningful. AI should be seen as a supporting tool—helping you reach more people, more effectively, so your human interactions have greater impact.

Getting Started

If you’re new to AI, you don’t have to overhaul your entire tech setup. Many affordable tools integrate with platforms you already use, like Microsoft 365, Google Workspace, or donor management systems.
As an IT partner for nonprofits, we can help you identify AI solutions that fit your budget, integrate seamlessly with your systems, and keep donor data safe.

Bottom line: By using AI to personalize outreach, predict donor behavior, and streamline operations, your organization can connect more deeply with supporters and inspire greater generosity.

Microsoft has issued a warning about a serious security flaw in certain on-premises versions of Exchange Server — a system many organizations use to manage email. If your company uses Exchange in a hybrid setup (where it connects with Microsoft 365), this vulnerability could allow cybercriminals to gain powerful access to your online accounts without being detected.

Why This Matters to You

If exploited, this flaw could let attackers:

• Gain control over your Microsoft 365 email and files.
• Access sensitive business data without triggering alarms.
• Impersonate employees and send convincing phishing emails.

While the attack requires that criminals already have access to your on-site Exchange server, once they do, the damage could be fast, silent, and far-reaching.

What Microsoft and CISA Are Saying

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency order for government agencies to patch this issue right away. They recommend all organizations take similar action immediately — not just federal agencies.

Microsoft has already released an update (April 2025 Hot Fix or newer) and provided specific instructions to make hybrid Exchange setups more secure. They also advise removing outdated Exchange servers from the internet entirely.

What You Should Do

If your organization uses Microsoft Exchange — especially in a hybrid setup with Microsoft 365:

1. Contact your IT team or provider immediately to confirm your system has been updated with Microsoft’s latest patch.
2. Review your Exchange configuration to ensure it follows Microsoft’s new security guidelines.
3. Retire old or unsupported servers that may still be online.
4. Stay alert for unusual account activity or suspicious emails.

The Bottom Line

This isn’t just “another tech issue” — it’s a serious security gap that could allow attackers to silently take over your business email and cloud environment. The sooner it’s fixed, the better your chances of staying secure.

If you’re unsure whether your company is at risk, ask your IT provider today. When it comes to cybersecurity, waiting can cost far more than acting quickly.