Microsoft Defender Cracks Down—You Can’t Turn It Off

👋 Good morning, folks!
It’s Friday, April 18th, and welcome back to The Daily Threat. If you’re a fan of flipping off Microsoft Defender to run a quick test or install something sketchy (we see you, IT pros), well, your life just got a little harder. Today’s top story is all about Microsoft locking down Defender. Plus, a new phishing wave is targeting finance teams, and a notorious ransomware crew just had a very bad day.

🧨 Today’s Top Story: Microsoft Defender Gets Tougher on Users
What Happened:
In a surprise update, Microsoft has made a big change to Defender: users can no longer disable real-time protection from the Windows Security app. That toggle you used to switch off for five minutes? It’s gone. Microsoft says this is part of a bigger push to harden security defaults across Windows systems and reduce human error.

Why It Matters:
This move puts more control in the hands of IT admins and less in the hands of end users—especially helpful in environments where one bad decision can lead to ransomware. If you're managing remote teams or less security-savvy employees, this is good news.

What You Can Do:

  • If you're an admin, use Group Policy or Intune to control Defender behavior across your org.

  • Communicate with your team so they don’t waste time looking for a setting that no longer exists.

  • Keep your endpoint protection policies up to date—this is a sign of more aggressive defaults coming.

⚡ Quick Hits

📨 Phishing Surge Targets Finance Teams
A new phishing campaign is spoofing CFOs and payroll systems, with attackers sending fake “bonus payment” requests. The emails are convincing and are bypassing some traditional spam filters. Now’s the time to train finance teams on social engineering red flags.

🔐 LockBit’s Ransomware Tool Gets Cracked
Good news for victims of LockBit: cybersecurity researchers have released a working decryptor that can unlock systems infected with the gang’s latest strain. The tool is free, and victims are already reporting successful recoveries. Score one for the good guys.

📦 Supply Chain Risk: Popular WordPress Plugin Vulnerable
A critical vulnerability in a widely used WordPress plugin allows attackers to run arbitrary code on business sites. Over 100,000 installs are affected. If your website uses WP plugins, patch immediately or disable the affected ones.

🧩 Did you know?
The average business user receives 14 phishing emails per month—but only reports one. That means 13 risky messages are potentially sitting in inboxes waiting to be clicked. Train smart, click slow.

🛡️ Expert Insight
“Security isn’t about trusting your users—it’s about building systems that don’t break when someone makes a mistake. Microsoft’s move with Defender is a step in the right direction.”
— Dana Willis, Endpoint Security Specialist

👋 That’s a wrap for today!
Keep those systems locked down, those eyes on the inbox, and that coffee cup full. If this helped you out, share it with your team. We’ll be back Monday with more cybersecurity news that keeps your business ahead of the threats. Stay safe and enjoy the weekend!