Bailey Systems, LLC


Small IT business dedicated towards consumer satisfaction in the D.C. Metropolitan area.

06/05/2026

Why DNS Matters and How to Make Sure You Control Your Company Domain

Most businesses rely on their domain every day without thinking about it. Email, websites, Microsoft 365, VPN access, and other services all depend on DNS working correctly. When something goes wrong, the impact can be immediate.

DNS, or Domain Name System, translates your domain name into the IP addresses systems use to communicate. It directs email, connects users to your website, and verifies many of the cloud services your business depends on. If you lose access to your domain or DNS, you lose control over those services.

A common issue we see is businesses not having proper access to their domain. This often happens when the domain was registered years ago by a former employee or vendor. Over time, credentials are lost and no one is sure who is in control.

When that happens, problems follow. You may not be able to renew the domain, which can lead to expiration. Simple updates like changing email records become difficult or impossible. If a third party controls DNS without visibility, it can slow down changes and create risk. There are also security concerns like unauthorized changes or domain hijacking.

These issues are preventable with a few key steps.

Make sure you know where your domain is registered and that your business has access using a shared company account. Secure that account with multi-factor authentication and store credentials in a password manager.

Keep a record of your DNS entries, including email records like MX, SPF, DKIM, and DMARC, along with website and service records. This makes troubleshooting and migrations much easier.

Consider using a reliable DNS provider such as Cloudflare or Microsoft DNS for better uptime and control. Enable domain locking to prevent unauthorized transfers.

Finally, plan for long term ownership. Use role-based accounts like [email protected] and keep ownership details up to date so control stays with the business.
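
As an added example (not part of the original post), a saved DNS inventory of the kind described above can be checked for the email records it names. The records are constructed sample data for the placeholder domain example.com, and the function name and finding texts are assumptions.

```python
# Constructed inventory: (name, type, value) rows for placeholder example.com.
RECORDS = [
    ("example.com.", "MX", "10 mail.example.com."),
    ("example.com.", "TXT", "v=spf1 include:spf.protection.outlook.com ~all"),
    ("example.com.", "TXT", "v=spf1 ip4:192.0.2.10 +all"),
    ("_dmarc.example.com.", "TXT", "v=DMARC1; p=none; rua=mailto:dmarc@example.com"),
    ("www.example.com.", "CNAME", "example.com."),
]


def audit_email_records(domain, records):
    """Return findings for the MX, SPF, DKIM and DMARC records of `domain`."""
    apex = domain.rstrip(".").lower() + "."
    findings = []

    def txt(name):
        return [v for n, t, v in records if t == "TXT" and n.lower() == name]

    if not any(t == "MX" and n.lower() == apex for n, t, _ in records):
        findings.append("MX: no mail exchanger recorded")

    spf = [v for v in txt(apex) if v.lower().startswith("v=spf1")]
    if not spf:
        findings.append("SPF: missing")
    elif len(spf) > 1:
        findings.append("SPF: multiple records, which receivers treat as an error")
    if any(v.split()[-1].lower() in ("+all", "all") for v in spf):
        findings.append("SPF: ends in +all, which authorizes any sender")

    dmarc = [v for v in txt("_dmarc." + apex) if v.lower().startswith("v=dmarc1")]
    if not dmarc:
        findings.append("DMARC: missing")
    else:
        tags = dict(p.strip().split("=", 1) for p in dmarc[0].split(";") if "=" in p)
        if tags.get("p", "").strip().lower() == "none":
            findings.append("DMARC: p=none only monitors and does not block spoofing")

    # DKIM keys live under <selector>._domainkey.<domain> as TXT or CNAME records.
    if not any(n.lower().endswith("._domainkey." + apex) for n, _, _ in records):
        findings.append("DKIM: no selector recorded")
    return findings


if __name__ == "__main__":
    for finding in audit_email_records("example.com", RECORDS):
        print(finding)
```
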

Your domain is one of your most important digital assets. Losing access can disrupt operations and take significant time to recover. A quick review now can prevent major issues later.

If you are not sure who controls your domain or want help reviewing your DNS setup, it is worth addressing sooner rather than later.

04/03/2026

Critical Security Flaw Found in Claude Code After Source Code Leak

Anthropic’s AI-powered development tool, Claude Code, is under the spotlight after two serious security-related events occurred within days of each other. First, the company accidentally exposed the tool’s source code. Shortly afterward, researchers identified a critical vulnerability that could allow attackers to bypass built-in safety mechanisms.

What Happened?
On March 31, 2026, Anthropic unintentionally published a debugging source map file as part of a Claude Code update on the public npm registry. That file made it possible to reconstruct more than 500,000 lines of Claude Code’s TypeScript source code. Anthropic confirmed that no customer data, credentials, or AI model weights were leaked. However, the exposed code revealed internal logic related to permissions, command handling, and safeguards. Because the tool’s source was widely mirrored online, researchers and attackers alike gained insight into how Claude Code enforces its security rules.

The Discovered Vulnerability
Soon after the source code leak, security firm Adversa AI identified a critical flaw in Claude Code’s permission system. The tool is designed to block risky commands like curl and wget to prevent data theft. However, it limits how deeply it analyzes large compound commands to avoid performance issues.

If a command exceeds 50 subcommands, Claude Code skips full enforcement and instead asks the user to approve execution. Attackers can exploit this behavior using prompt injection techniques, often hiding malicious instructions inside trusted-looking files such as CLAUDE.md. A user who approves the request may unknowingly allow dangerous commands to run.
Adversa noted that this is a logic flaw in the permission system itself and not a failure of the AI model’s safety layer.
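
As an added illustration (not Claude Code's code and not from the original post), the sketch below puts the fail-open fallback described above next to a fail-closed policy. Only the 50-subcommand limit and the curl and wget examples come from the text; the tokenizer, function names and decision values are assumptions.

```python
import shlex

MAX_SUBCOMMANDS = 50        # analysis limit described in the text
DENY = {"curl", "wget"}     # risky commands named in the text
CONTROL = set(";|&()")      # characters that make up shell control operators


def split_subcommands(command):
    """Split a compound command into argv lists at control operators.

    Quoted operators are over-split, which errs on the side of caution.
    """
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    subs, current = [], []
    for token in lexer:
        if token and set(token) <= CONTROL:
            if current:
                subs.append(current)
            current = []
        else:
            current.append(token)
    if current:
        subs.append(current)
    return subs


def decide(command, fail_closed=True):
    """Return 'allow', 'deny' or 'ask' for a compound command."""
    try:
        subs = split_subcommands(command)
    except ValueError:          # unbalanced quotes: the command cannot be analysed
        return "deny" if fail_closed else "ask"
    if len(subs) > MAX_SUBCOMMANDS and not fail_closed:
        return "ask"            # pattern from the text: deep check skipped
    # Simplified check: compares only the program name of each subcommand.
    if any(argv[0].rsplit("/", 1)[-1] in DENY for argv in subs):
        return "deny"
    if len(subs) > MAX_SUBCOMMANDS:
        return "deny"           # too large to review: refuse instead of prompting
    return "allow"
```

The fail-closed branch still inspects every subcommand before applying the size limit, so an oversized command is never handed to the user as an approval prompt.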

Why This Is Important
Claude Code has deep access to local systems, including the ability to edit files, execute shell commands, and manage development workflows. Any weakness in its security controls could put developer machines and organizational environments at risk. This is especially concerning for teams that rely heavily on AI-assisted coding tools and automation.
The incident highlights a broader risk as AI tools gain more autonomy and system-level access.

Recommended Precautions
-Only install Claude Code from official sources
-Be cautious when approving large or complex command requests
-Avoid running AI tools against untrusted repositories
-Apply security updates and advisories promptly
As AI-powered tools evolve, they must be treated like other privileged software. This event serves as a reminder that strong security controls remain essential, even when tools are designed to increase productivity.

03/21/2026

CISA Warns of Active Attacks Targeting Microsoft SharePoint

CISA has issued an urgent warning about a critical Microsoft SharePoint vulnerability that is now being actively exploited. The flaw affects on‑premises SharePoint servers and allows attackers to run malicious code remotely without authentication, creating a serious security risk.

What You Need to Know
The vulnerability, tracked as CVE‑2026‑20963, affects:
-SharePoint Server 2016
-SharePoint Server 2019
-SharePoint Server Subscription Edition

It was patched by Microsoft in January 2026, but many servers remain unpatched. The flaw allows attackers to gain remote code execution, which can lead to full server compromise, data theft, and further access into the network.

Why This Matters
CISA has confirmed real‑world exploitation and added the vulnerability to its Known Exploited Vulnerabilities catalog. While details of the attacks are limited, vulnerabilities like this are commonly used as an entry point for larger breaches.
Any SharePoint server exposed to the internet is at especially high risk.

Who Is Most at Risk
Organizations should be especially concerned if they:
-Run on‑premises SharePoint servers
-Expose SharePoint to the internet
-Still use unsupported versions like SharePoint 2007, 2010, or 2013

Unsupported versions no longer receive security updates and remain permanently vulnerable.

Recommended Actions
Microsoft and CISA recommend immediate action:
-Install the January 2026 SharePoint security updates
-Verify all SharePoint servers are patched
-Restrict or remove external access where possible
-Upgrade or retire unsupported SharePoint versions

Bottom Line
Unpatched SharePoint servers are a high‑value target for attackers. Even older or lightly used SharePoint systems can provide a direct path into a network. This alert is a strong reminder to review legacy systems and confirm that critical security updates are not being missed.

03/06/2026

Microsoft Teams Is Being Used to Impersonate IT Support

Microsoft Teams is now a common target for social engineering attacks, and recent campaigns show how easily trusted tools can be abused. Threat actors are impersonating internal IT staff through Microsoft Teams and convincing users to grant remote access using Windows Quick Assist. Once access is approved, attackers can steal credentials, deploy malware, and begin reconnaissance without exploiting any software vulnerability.

How the Attack Happens
The attack starts with a message or call in Microsoft Teams from someone claiming to be IT support. The account is usually external, but the display name is set to look legitimate. Because the message arrives through Teams, many users assume it is safe. The attacker creates urgency by claiming there is a security issue, account problem, or unusual activity. In some cases, the user has already experienced spam or technical issues, making the message feel believable. The attacker then asks the user to open Windows Quick Assist, a built-in Microsoft remote support tool. Sometimes the user is also sent a fake Quick Assist page and asked to sign in. Once the user approves the session, the attacker gains remote control of the system. From there, attackers have been observed stealing credentials, running discovery commands, and deploying malware disguised as legitimate update tools. These techniques are commonly associated with ransomware groups and hands-on-keyboard attacks.

Why This Works So Well
This attack does not rely on malware at the start. It relies on trust.
Microsoft Teams is widely used and approved. Quick Assist is a signed Microsoft application and is installed by default on many systems. Because the tools are legitimate, security controls may not flag the activity until after access is already granted. In simple terms, the attacker is not breaking in. They are being invited in.

How Organizations Can Reduce Risk
Organizations should review who can send external Teams messages and consider restricting unsolicited one-to-one chats. If Quick Assist is not required, it should be disabled. If it is required, its use should be limited to defined support processes and monitored. Strong identity protections such as multi-factor authentication and conditional access help reduce the impact of stolen credentials. Most importantly, users should be clearly told that IT will never initiate unexpected Teams messages or calls asking for remote access or credentials.
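
One way to monitor Quick Assist use as suggested above, shown as an added example that is not part of the original post: flag a Quick Assist launch that follows an external Teams chat to the same user. The event schema, field names and 30-minute window are assumptions, and the events are constructed.

```python
from datetime import datetime, timedelta

# Constructed events in a hypothetical normalized schema (not a real log format).
EVENTS = [
    {"ts": "2026-03-06T14:02:11", "type": "teams_chat", "user": "jdoe",
     "sender_external": True, "sender_display": "IT Help Desk"},
    {"ts": "2026-03-06T14:09:40", "type": "process_start", "user": "jdoe",
     "host": "WS-0142", "image": "QuickAssist.exe"},
    {"ts": "2026-03-06T15:30:00", "type": "teams_chat", "user": "asmith",
     "sender_external": False, "sender_display": "IT Help Desk"},
    {"ts": "2026-03-06T15:33:00", "type": "process_start", "user": "asmith",
     "host": "WS-0077", "image": "QuickAssist.exe"},
    {"ts": "2026-03-06T09:00:00", "type": "teams_chat", "user": "mlee",
     "sender_external": True, "sender_display": "Support Team"},
    {"ts": "2026-03-06T13:00:00", "type": "process_start", "user": "mlee",
     "host": "WS-0201", "image": "QuickAssist.exe"},
]


def find_suspect_sessions(events, window=timedelta(minutes=30)):
    """Return (user, host, sender display name) for each Quick Assist launch
    that occurs within `window` after an external Teams chat to that user."""
    last_external = {}   # user -> (time, display name) of latest external chat
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        when = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "teams_chat" and ev["sender_external"]:
            last_external[ev["user"]] = (when, ev["sender_display"])
        elif (ev["type"] == "process_start"
              and ev["image"].lower() == "quickassist.exe"
              and ev["user"] in last_external):
            chat_time, display = last_external[ev["user"]]
            if when - chat_time <= window:
                alerts.append((ev["user"], ev["host"], display))
    return alerts


if __name__ == "__main__":
    for alert in find_suspect_sessions(EVENTS):
        print(alert)
```
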

Final Takeaway
Attackers are adapting to how people work. As collaboration tools replace email, social engineering is moving with them. Security is no longer just about blocking malware. It is about setting clear expectations, limiting trust by default, and protecting users from being socially engineered through the tools they use every day.


Address


8300 Boone Boulevard 5th Floor
Vienna, VA
22182