Tech Brief — May 28, 2026

Your morning roundup of the most relevant technology and AI news. Curated by 312 IT Consulting for Chicagoland businesses.

6 stories today · Published May 28, 2026 · 8:00 AM CT

Identity-based cloud attacks keep stealing the headlines, Microsoft and Salesforce both expanded their AI agent platforms, and Chicago's biggest IT leaders were honored downtown. Here's what mattered this week — and what each story means for a Chicagoland SMB.

Microsoft details how Storm-2949 turned one stolen identity into a cloud-wide breach

Microsoft's threat intelligence team published a detailed post-incident analysis of the Storm-2949 group, which used a single compromised user account to pivot across an entire victim's Microsoft Entra tenant — exfiltrating data from SharePoint, Exchange Online, and Azure resources before deploying ransomware. The attackers chained MFA fatigue prompts with token theft, then abused legitimate admin tools to spread quietly for weeks before detection.

Why it matters for your business: Most Chicago SMBs assume "we have MFA" is the finish line for identity security. Storm-2949 shows it isn't. Once an attacker has a valid session token, MFA is bypassed entirely: the token was issued after the MFA challenge succeeded, so replaying it triggers no new prompt. If your business runs on Microsoft 365 or Azure, talk to your IT provider about token binding, sign-in risk policies, and Conditional Access — and consider an identity threat detection and response (ITDR) layer on top of Entra. Our cybersecurity checklist walks through the basics.

Critical SharePoint RCE (CVE-2026-45659, CVSS 8.8) — Microsoft pushes urgent fix

Microsoft released a security update for a remote code execution flaw in on-premises SharePoint Server tracked as CVE-2026-45659, with a CVSS score of 8.8. An authenticated attacker on the network can execute code with elevated privileges, which is enough to seed ransomware or steal files from any tenant sharing the server. Microsoft credits external researchers for coordinated disclosure; no public exploitation has been confirmed yet, but historically SharePoint RCEs are weaponized within days.

Why it matters for your business: If your business still runs an on-prem SharePoint Server — common for Chicago law firms, healthcare practices, and manufacturers with legacy document workflows — patch this week. If you've already migrated to SharePoint Online, you're not affected by this CVE, but it's a reminder that internet-exposed file servers remain a favorite target. Not sure what's still on-prem? Our IT audit guide covers how to inventory it quickly.

Microsoft 365 Copilot adds Claude Opus 4.7 and GPT-5.5 Instant — model choice arrives in the enterprise

Microsoft 365 Copilot's May release notes confirm two new model options: Claude Opus 4.7 (Anthropic) for complex, multi-step work with stronger instruction following and visual reasoning, and GPT-5.5 Instant for low-latency everyday questions and STEM tasks. Admins can choose which models are available to which users, and Copilot Cowork — Microsoft's long-running, multi-step agent runtime — now supports reusable skills, mobile, and broader app integrations as of May 5.

Why it matters for your business: If your team already has Copilot licenses, this is a free upgrade — but only if your admin enables the new models. Claude Opus 4.7 is meaningfully better at tasks like drafting client proposals, parsing long Excel workbooks, and writing technical documentation. Pilot it with one or two power users this week before rolling it out broadly. If you're still on the fence about Copilot for your team, our AI consulting service can help you scope a realistic ROI test.

Salesforce Agentforce and Google Gemini now run end-to-end workflows across Slack, Google Workspace, and Salesforce

Salesforce and Google Cloud expanded their partnership so AI agents can read, reason over, and act on data across Salesforce, Slack, Gmail, Drive, and Calendar in a single workflow. In an update dated May 19, Salesforce confirmed Agentforce will natively support Gemini 3.5 Flash via the Atlas Reasoning Engine starting in June, with Gemini-Powered Reasoning available now. The launch coincides with Salesforce pushing its new Agentic Enterprise License Agreement (AELA) — a flat-fee bundle aimed at customers ready to deploy agents at scale.

Why it matters for your business: If you use Salesforce and Google Workspace today, AI agents that span both stacks are real and shippable — not a 2027 vision deck. Two cautions for SMBs: most cross-platform agents only work if your CRM data is clean and your permissions are tight, and the AELA model can get expensive fast. Start by listing the three workflows where your sales or support team copy-pastes between Salesforce and Gmail every day — those are your highest-ROI agent candidates. Need help scoping? Our Salesforce services include agent-readiness reviews.

2026 ChicagoCIO ORBIE Awards honor tech leaders at Ulta Beauty, Lurie Children's, Marmon, and Amsted Rail

The 2026 ChicagoCIO ORBIE Awards were held May 8 at the Chicago Marriott Downtown Magnificent Mile. Winners included Anuj Gaur of The Marmon Group (Leadership ORBIE), Mike Maresca of Ulta Beauty (Large Enterprise), Susan Goodson of Ann and Robert H. Lurie Children's Hospital (Enterprise), Casey Hossa of Health New England (Large Corporate), and Michael McDonnell of Amsted Rail (Corporate). Ramesh Kollepara, formerly Global CTO at Kellanova, took the Global ORBIE.

Why it matters for your business: These winners run the IT functions at some of Chicagoland's most operationally complex companies — and their priorities tend to telegraph what mid-market and small businesses will be dealing with in 12–18 months. This year's themes were AI governance, identity modernization, and supply chain resilience. If you've been putting off any of those, treat this as the local signal that it's time. Want a free 30-minute call to see where your IT stacks up? Reach out.

CrowdStrike and Google jointly take down GlassWorm command-and-control infrastructure

CrowdStrike, Google, and the Shadowserver Foundation announced the simultaneous disruption of every known command-and-control channel tied to GlassWorm, the persistent supply chain campaign that has infected hundreds of npm and VS Code Marketplace packages since early 2025. The operation seized C2 domains, sinkholed traffic, and notified affected maintainers. Separately, researchers disclosed CVE-2026-27771 in Gitea, a flaw that lets unauthenticated attackers pull private container images — likely impacting more than 30,000 self-hosted deployments worldwide.

Why it matters for your business: Even non-engineering businesses are exposed to supply chain attacks like GlassWorm — your accounting SaaS, your marketing automation tool, and your custom internal apps are all built on open-source dependencies. Ask any vendor that ships you software two questions: do you sign your releases, and do you have a software bill of materials (SBOM)? If they can't answer, that's information. For Chicago SMBs running anything self-hosted (Gitea, GitLab, Bitwarden, Vaultwarden), patch this week.

Read the SecurityWeek coverage →

Need help navigating these changes?

312 IT Consulting helps small and mid-size businesses in Chicagoland cut through the noise and implement technology that actually moves the needle. Call us at (224) 382-4084 or book a free consultation.
