This Week in IT: Microsoft Goes Solo on AI, VPN Zero-Day Exploited, and Phishing Gets Smarter
Welcome back to the itpick weekly news roundup — your no-nonsense summary of the tech stories that actually matter if you’re running a small business or just trying to keep your home setup safe and sensible. Grab a brew, here’s what happened this week.
Microsoft Is Done Playing Second Fiddle to OpenAI
For the past few years, Microsoft’s entire AI identity has been built around its partnership with OpenAI. Billions of pounds invested, Copilot products baked into everything from Word to Teams, and a very public bromance with ChatGPT’s makers. This week, though, Microsoft made it clear that chapter is closing.
Mustafa Suleyman, Microsoft’s AI chief, has been talking up the company’s ambitions to chase what the industry calls “superintelligence” — essentially, AI that can outthink humans across the board — and he’s framing Microsoft’s position as newly liberated rather than dependent on outside partnerships. Meanwhile, at Microsoft’s Build 2026 conference, the company doubled down on “agents” — AI systems that don’t just answer questions but actually carry out multi-step tasks inside your business tools, from pulling together reports to managing workflows automatically.
If you use Microsoft 365 with Copilot, expect these agentic features to start showing up more prominently over the coming months. Think of it less like a chatbot and more like a capable (if occasionally overconfident) digital colleague. Tools like Notion are already heading in a similar direction for smaller teams who want AI woven into their day-to-day work.
What this means for you: AI assistants are evolving from novelties into proper business tools — now’s a good time to explore what Copilot or similar tools can genuinely save you time on, rather than waiting for the dust to settle.
Critical VPN Flaw Exploited by Ransomware Gang — Patch Now
This one’s serious. Check Point, the Israeli cybersecurity firm, has confirmed that attackers have been actively exploiting a critical vulnerability in its Remote Access VPN and Mobile Access products. The culprit has been linked to the Qilin ransomware gang, a group that’s been causing significant damage across various sectors. Check Point has released patches, but the fact this was a zero-day — meaning crooks were using it before a fix existed — is a sharp reminder of how exposed unpatched remote access tools can leave you.
If your business uses any VPN solution, the message this week is simple: check for updates immediately and apply them. For home users and small businesses shopping for VPN protection, consumer-grade options like NordVPN or Surfshark aren’t typically subject to the same enterprise-targeted exploits, but keeping any security software current is non-negotiable regardless.
What this means for you: Unpatched VPN software is an open door for ransomware — check your VPN provider’s update page today and make sure you’re running the latest version.
AI Is Giving Phishing Attacks a Serious Power-Up
Phishing emails used to be fairly easy to spot — dodgy grammar, suspicious sender names, that unmistakable whiff of desperation. Not any more. This week, security researchers highlighted how attackers are now using AI to churn out polished, convincing phishing emails and fake login pages at industrial scale. The result is that security teams are being buried under alert after alert, making it harder to catch the genuinely dangerous ones hiding in the noise.
For small businesses without a dedicated IT security team, this shift is particularly concerning. If staff are receiving more convincing fake emails — mimicking your bank, your supplier, or even your own colleagues — the risk of someone clicking through and handing over credentials goes up considerably. A solid password manager like NordPass, combined with multi-factor authentication, can limit the damage even when someone does fall for a convincing lure.
What this means for you: Train your team to be sceptical of any email asking for login details or urgent action, and make sure everyone is using unique passwords and two-factor authentication across business accounts.
That’s Your Week in IT
It’s been a busy one — Microsoft is repositioning itself as an AI powerhouse in its own right, ransomware gangs are actively hunting for unpatched VPN flaws, and AI-powered phishing is making life harder for everyone trying to keep their systems secure. The common thread? Keeping your software updated and your team clued-up remains the most effective defence money can’t always buy. See you next week.