# Weekly IT Digest for UK IT Managers & Sysadmins

• **Microsoft Defender RPC Monitoring Now Live** — Defender for Endpoint is now actively monitoring Remote Procedure Call (RPC) activity to detect lateral movement and exploitation attempts; review your detection tuning if you're running Defender to avoid false positives in legacy systems heavy on RPC traffic.

• **AI Shadow IT & Data Loss Risk Escalating** — CrowdStrike's security advisories highlight that unmanaged AI tools and agentic AI deployments are creating significant data exfiltration vectors; enforce Entra ID Conditional Access policies to gate AI SaaS tools and consider Falcon for IT if you're a CrowdStrike customer for visibility into shadow AI usage.

• **Credential Theft via Fake Job Postings & App Updates** — North Korean threat actors are using fake developer job offers and malicious GitHub package updates (including PyPI trojanization and Android banking app spoofs) to harvest credentials and crypto; advise developers to verify job posting legitimacy and audit their dependency supply chains immediately.

• **Apple's Automatic Compromised Password Reset Now Available** — iOS/macOS now automatically rotates breached passwords without user intervention; test this feature in your BYOD environment and clarify password policy impact if users are syncing Apple Keychain with corporate identity systems.

• **NSO Phishing Campaigns Disrupted but Spyware Threat Remains** — WhatsApp blocked new NSO spyware phishing attempts this week, but the underlying threat persists; ensure staff are reminded not to click suspicious links and consider disabling message preview on lock screens across your managed device fleet.