
Windows Zero-Day Exploits, Crypto ATM Scams, and the Microsoft 365 Threat Businesses Can't Afford to Miss

If you use a Windows computer or a Microsoft 365 account for your business, what follows could be the most important thing you read all week. Right now — not later, not tomorrow — hackers are actively exploiting security holes that Microsoft has not yet patched. At the same time, a scam is draining millions from Americans every year, and a major data breach may have already exposed your personal information.

At A Faster PC, your managed IT services provider serving Florida's Treasure Coast, Space Coast, and South Florida, we track these threats so you don't have to. Here is every active threat you need to know about right now, and exactly what you should do about each one.

The Crypto ATM Scam Draining Millions From Families

Americans lost over $388 million to cryptocurrency ATM scams in 2025 alone — a 58% increase from the year before. This scam is hitting seniors especially hard. Over half of all victims are 55 and older.

Here is how it works. A scammer calls you or someone you love, pretending to be from the government — the Social Security Administration, the IRS, or even local law enforcement. They sound official. They know your name. They tell you there is a problem that can only be resolved by withdrawing cash and depositing it into a cryptocurrency ATM using a QR code they provide.

We had a client come to us after losing $15,000 this way. They were not yet our customer when it happened, but they are now, and we are helping make sure it never happens again.

Let us be absolutely clear: no legitimate government agency and no real law enforcement officer will ever ask you to pay using a cryptocurrency ATM. Ever. If someone asks you to do this, hang up immediately. If someone in your life mentions a stranger asking them to use a Bitcoin ATM, intervene right away.

Talk to your family about this threat and share our free cybersecurity resources.

The 7-Eleven Data Breach That Put 600,000 Records on the Dark Web

If you have ever used a 7-Eleven Speedway Speedy Rewards card or a Stripes store card, your personal information may already be exposed.

A cybercrime group known as ShinyHunters — a group we have reported on before — breached 7-Eleven's Salesforce CRM system. On April 8th, they stole over 600,000 records and published a 9.4 GB archive on the dark web containing names, email addresses, and potentially corporate data.

What You Should Do Right Now

Change your password for any 7-Eleven, Speedway, or Stripes loyalty account immediately. Use a unique password — not one you have used anywhere else. If you have been reusing that password on your email account or your bank, change those too. A secure password manager can help you keep track of unique passwords across all your accounts. Not all password managers are equally secure, and if you need help choosing one, we can help you find the right solution.

Tycoon2FA — The Microsoft 365 Phishing Threat That Doesn't Need Your Password

This one is specifically for business owners using Microsoft 365, and it should alarm you.

There is a phishing platform called Tycoon2FA that has been specifically designed to hijack Microsoft 365 accounts. What makes it uniquely dangerous is that it does not need your password and does not rely on a fake login page. Instead, it exploits something called OAuth device code authorization — the system that lets you enter a code on one device to approve a login on another.

Tycoon2FA tricks users into entering an authorization code that hands attackers full access to a Microsoft 365 account: email, files, Teams messages, everything. And standard security settings do not catch it.

What Microsoft 365 Business Users Must Do

If your business runs on Microsoft 365, talk to your IT provider today about reviewing your OAuth application permissions and access controls. You also need real-time monitoring of your Microsoft 365 accounts. Tycoon2FA exploits the gaps that standard default settings leave wide open.
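
One way to do the monitoring described above, as an added example that is not part of the original article: a Python check that scans sign-in records for logins completed through the device code flow. The record layout is modelled on Microsoft Entra ID sign-in logs (the `authenticationProtocol` field and its `deviceCode` value are assumptions about your log export), and the sample records, the allowlist and the function names are constructed for illustration.

```python
# Added example: flag sign-ins completed through the OAuth device code flow.
# Records are constructed and shaped like Microsoft Entra ID sign-in log entries;
# the field names are assumptions, so map them to your own log export.

def rec(time, user, protocol, ip, country, error_code=0):
    """Build one constructed sign-in record (errorCode 0 means success)."""
    return {"createdDateTime": time, "userPrincipalName": user,
            "authenticationProtocol": protocol, "ipAddress": ip,
            "location": {"countryOrRegion": country},
            "status": {"errorCode": error_code}}

SAMPLE_SIGNINS = [  # constructed data: reserved example domain and IP ranges
    rec("2026-05-18T13:02:11Z", "pat@example.com", "none", "203.0.113.10", "US"),
    rec("2026-05-18T13:40:00Z", "sam@example.com", "none", "203.0.113.25", "US"),
    rec("2026-05-18T14:05:30Z", "room-display@example.com", "deviceCode", "203.0.113.10", "US"),
    rec("2026-05-18T14:10:02Z", "sam@example.com", "deviceCode", "203.0.113.25", "US", 70016),
    rec("2026-05-18T14:11:45Z", "sam@example.com", "deviceCode", "203.0.113.25", "US"),
    rec("2026-05-18T15:20:09Z", "pat@example.com", "deviceCode", "198.51.100.77", "NL"),
]

# Hypothetical allowlist: accounts that legitimately sign in with device codes
# (shared displays, kiosks). Everyone else should rarely or never use the flow.
ALLOWED_DEVICE_CODE_USERS = {"room-display@example.com"}

def find_device_code_signins(records, allowed_users=ALLOWED_DEVICE_CODE_USERS):
    """Return alerts for successful device code sign-ins by non-allowlisted users.

    Severity is "high" when the sign-in comes from a country not seen on the
    user's earlier successful sign-ins of other types, otherwise "medium".
    """
    known_countries = {}  # user -> countries from earlier non-device-code sign-ins
    alerts = []
    for r in sorted(records, key=lambda r: r["createdDateTime"]):
        user = r["userPrincipalName"].lower()
        country = r.get("location", {}).get("countryOrRegion", "")
        succeeded = r.get("status", {}).get("errorCode") == 0
        if r.get("authenticationProtocol") != "deviceCode":
            if succeeded:
                known_countries.setdefault(user, set()).add(country)
            continue
        if not succeeded or user in allowed_users:
            continue  # unfinished attempt, or an account expected to use the flow
        severity = "medium" if country in known_countries.get(user, set()) else "high"
        alerts.append({"time": r["createdDateTime"], "user": user,
                       "ip": r["ipAddress"], "country": country, "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in find_device_code_signins(SAMPLE_SIGNINS):
        print(alert)
```

A "high" alert, a device code sign-in from a country the user has not signed in from before, is the one to review first: revoke the account's sessions and confirm with the user whether they entered a code.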

The Most Urgent Threat — Two Unpatched Windows Zero-Days Being Actively Exploited

Your antivirus will not save you from this one. Two Windows zero-day vulnerabilities are being actively exploited right now, and Microsoft has not released patches for either of them.

MiniPlasma — Privilege Escalation With No Fix

The first is called MiniPlasma. It is a privilege escalation exploit, meaning that a hacker who gains even basic access to your computer — even through a low-level user account — can use MiniPlasma to take complete control of your system. It is confirmed active in real-world attacks, and there is currently no fix available at all.

YellowKey — The BitLocker Bypass Targeting Your Laptops

The second is called YellowKey. This exploit targets BitLocker, the encryption built into Windows that is supposed to protect your data if your device is ever stolen. YellowKey allows anyone with physical access to your device to unlock and read your encrypted drives without a password.

If your business has employees working remotely, traveling salespeople, or anyone carrying a laptop outside the office, this is a critical and immediate risk. Microsoft has released a temporary manual mitigation for YellowKey, but there is no permanent patch yet. MiniPlasma has no fix at all.

Microsoft Defender Is Under Attack Too

It gets worse. Microsoft Defender itself has two zero-day vulnerabilities being actively exploited. One lets attackers escalate privileges to the system level — the highest access tier on any Windows machine. The other can force Defender into a denial-of-service state, effectively shutting it down so it cannot protect you.

Defender updates automatically on most home devices, but many business networks restrict automatic updates for control purposes. If you manage a business network, you need to manually verify that your Defender version is current right now.

Schedule a FREE discovery call about having your endpoints and Defender status reviewed.

Good News — Law Enforcement Is Striking Back

Not everything is doom and gloom. Law enforcement around the world is making significant moves against cybercriminals.

Executives behind tech support scam operations have pled guilty in US court. Those are the operations behind the scary pop-ups claiming your computer is infected and the phone calls pretending to be Microsoft support. The people running those scams are now facing real legal consequences.

Beyond that, Interpol's Operation Ramsey seized 53 servers used for malware and phishing. Netherlands authorities seized 800 servers from a hosting company that was enabling cyber attacks. European police seized the first VPN service known to facilitate ransomware and data theft. US and Canadian authorities arrested the suspected admin of the KimWolf botnet. And at Pwn2Own Berlin 2026, ethical hackers earned over $1.2 million for responsibly disclosing 47 zero-day vulnerabilities to help the industry patch them before criminals exploit them.

Apple blocked over 2.2 billion potentially fraudulent App Store transactions in 2025, rejected more than 2 million problematic apps, blocked over 1.1 billion fake account creation attempts, and stopped more than 5.4 million stolen credit cards from being used. The lesson: only download apps from trusted, official sources.

Additional Threats to Watch Right Now

  • Microsoft has confirmed that security update KB5089549 is failing to install on some Windows 11 systems. Check your update history and settings and do not ignore errors.
  • A SonicWall VPN flaw allows attackers to bypass multi-factor authentication entirely. If you have a SonicWall firewall, contact your IT provider immediately to confirm you are protected. Our team can audit your firewall configuration.
  • A new macOS malware called ShUb is spoofing Apple security update notifications. Always go directly to System Settings to check for updates. Never click a pop-up telling you to update.

Your 6-Step Immediate Action List

  1. Run Windows updates right now and confirm they completed successfully. Do not ignore errors.
  2. Verify that Microsoft Defender is updating. If you are on a business network with restricted updates, check this manually.
  3. Change your password for any 7-Eleven, Speedway, or Stripes loyalty account. Use a unique password for every account and use a password manager.
  4. Talk to your family — especially anyone over 50 — about the crypto ATM scam. Show them this post or our video. It could save their savings.
  5. If you use Microsoft 365 for business, have your IT provider review your OAuth permissions and access controls and implement 24/7/365 monitoring of your Microsoft accounts.
  6. If your employees work remotely on laptops, treat unmanaged endpoints as a serious liability right now, given the YellowKey BitLocker bypass and MiniPlasma system-level access exploit.

A Faster PC — Proactive Cybersecurity for Florida Businesses

If any of this feels overwhelming, that is completely understandable. These are sophisticated, fast-moving threats that even experienced IT professionals have to work hard to keep up with. The good news is that you do not have to do it alone.

At A Faster PC, we are a managed services provider serving businesses across Florida's Treasure Coast, Space Coast, and South Florida. We manage your updates, monitor your security around the clock, review your permissions, and protect your endpoints — proactively, before problems turn into disasters.

Give us a call at (772) 878-5978 or visit AFasterPC.com. While you are there, download our free cybersecurity report covering the top threats targeting Florida businesses right now and what you need to do about them.

When you have — or want to prevent — cybersecurity problems, you need A Faster PC.

Watch full video: Don't Click That: The Scam Stealing Millions in 2026.

About A Faster PC

A Faster PC is a leading managed services provider (MSP) serving Florida's Treasure Coast, Space Coast, and South Florida. We provide comprehensive IT support, advanced cybersecurity solutions, patch management, computer repair, and technical support for accounting offices, attorneys' offices, medical offices, dental offices, professional offices, small- to medium-sized businesses, non-profits, churches, home office users, and individuals throughout the regions.

Every week at 10:07 AM EST, A Faster PC hosts A Faster PC Live Technical Support, a live radio show that is livestreamed to YouTube and Facebook and is available as a podcast. For the various ways to listen to and watch A Faster PC Live Technical Support, visit https://www.afasterpc.com/live-technical-support/.

A Faster PC services the following counties and cities: St. Lucie County including: Port St. Lucie, Fort Pierce, St. Lucie West, Tradition, St. Lucie Village; Martin County including: Stuart, Jensen Beach, Jupiter Island, Ocean Breeze Park, and Sewall's Point; Indian River County including: Vero Beach, Sebastian, Fellsmere, Indian River Shores; Palm Beach County including: Jupiter, Jupiter Inlet Colony, Juno Beach, Tequesta, Palm Beach Gardens, North Palm Beach, Palm Beach Shores, Riviera Beach, West Palm Beach, Wellington, Royal Palm Beach, Greenacres, Lake Worth Beach, Lantana, Boynton Beach, Ocean Ridge, Briny Breezes, Gulf Stream, Delray Beach, Highland Beach, and Boca Raton; Broward County including: Fort Lauderdale, Hollywood, Pompano Beach, Coral Springs, Pembroke Pines, Miramar, Davie, Plantation, Sunrise, Deerfield Beach, Lauderhill, Weston, Tamarac, Coconut Creek, Margate, Lauderdale Lakes, Oakland Park, Hallandale Beach, Cooper City, Wilton Manors, Lighthouse Point, Parkland, Lauderdale-by-the-Sea, Sea Ranch Lakes, Lazy Lake, Hillsboro Beach, Southwest Ranches, North Lauderdale, Dania Beach; Miami-Dade County including: Miami, Miami Beach, Hialeah, Miami Gardens, Coral Gables, Homestead, Doral, North Miami, Aventura, Kendall, Cutler Bay, Sunny Isles Beach, Key Biscayne, Pinecrest, Surfside, Bal Harbour, North Miami Beach, Palmetto Bay, Miami Springs, Opa-locka, Miami Lakes, Florida City, South Miami, Sweetwater, West Miami, Bay Harbor Islands, Biscayne Park, El Portal, Golden Beach, Hialeah Gardens, Indian Creek, Medley, North Bay Village, and Virginia Gardens; and Okeechobee County including: Okeechobee, Taylor Creek, Cypress Quarters, Fort Drum, and Basinger.