Ray Wesner

If your business website runs on WordPress, here’s a quick check for you 🔎 There’s a popular plugin called Quiz and Survey Master (QSM). It’s used by more than 40,000 websites to create quizzes, surveys and forms without needing any coding. Unfortunately, versions 10.3.1 and older were recently found to have a serious security flaw. The issue is what’s known as an SQL injection vulnerability. SQL is the language used to talk to a website’s database, the part that stores things like user accounts, submissions, and other important data. An SQL injection flaw means someone can sneak malicious commands into that database. In this case, any logged-in user, even someone with a basic subscriber account, could potentially inject commands into the system. That could allow actions like: 🚫 Accessing sensitive data 🚫 Extracting information from the database 🚫 Manipulating content The vulnerability is tracked as CVE-2025-67987, and it was fixed in version 10.3.2. The latest version available is 10.3.5, which is the safest bet. Based on https://t.co/C2SV1Eeiu0 data, just over half of websites using QSM are on version 10.3. That means a large number are likely still vulnerable. That’s potentially tens of thousands of sites. Right now, there’s no confirmed evidence of this flaw being actively exploited. But once a vulnerability is public, attackers often start scanning the internet looking for unpatched sites. 👉 If your site uses this plugin, the solution is straightforward: Update it immediately 👈 More broadly, this is a reminder of something I say often to business owners: WordPress itself isn’t usually the weak link. It’s the plugins. Every plugin you install adds functionality but also adds potential risk. If you’re not actively using a plugin or theme, it shouldn’t just be deactivated. It should be deleted from the server completely. Websites aren’t a set and forget asset. They’re part of your digital infrastructure. If they’re vulnerable, they can become an entry point into your wider systems. Especially if admin accounts reuse passwords across services. ❓ When was the last time someone checked which plugins your website is running and whether they’re fully up to date?

If you’ve ever tried to get an AI tool to understand a whole project instead of just one document, you’ll appreciate this… Microsoft has introduced something called Copilot Agents in OneDrive. And this is where AI starts to feel a bit more useful for real-world business work 🤖 Here’s the problem it’s trying to solve. Normally, if you ask Copilot to summarize or analyze something, you’re doing it one file at a time. One Word document. One spreadsheet. One PowerPoint. But projects don’t live in one file. They live across proposals, meeting notes, budgets, timelines, research documents, and email summaries. With OneDrive Agents, you can now select up to 20 related files and bundle them together into what’s saved as a .agent file. Instead of asking: “Summarize this file…” You can ask: “What deadlines are coming up across this whole project?” “Where are the risks?” “What did we agree in the last three meetings?” And it has the context of all the selected files, not just one. The agent behaves like other AI tools. It can summarize, answer questions, surface key points. But it’s operating with a broader understanding. Even better, these agents are saved as files inside OneDrive. That means you can share the .agent file with colleagues. They don’t need to recreate the setup themselves. You’re all working from the same AI “view” of the project. As projects evolve, you can add or remove documents from the agent or refine the instructions it uses. It stays aligned with the latest information instead of becoming outdated. Right now, this feature is available to people with a Microsoft 365 Copilot license accessing OneDrive via the web. It’s clearly still evolving. Microsoft is asking for feedback, which suggests it’s watching closely to see how businesses use it. From a business owner’s perspective, the real value is reducing the time spent hunting across folders, trying to piece together context. If AI can help you understand a whole project in one place instead of ten separate files, that’s meaningful productivity. 🤔 The question is, would you trust an AI agent to interpret multiple important documents at once, or would you still prefer to read everything yourself?

If you receive a message saying a large Apple Pay payment has been blocked and you need to call a number urgently… STOP 🚩 There’s a new scam circulating that targets Apple users, and it’s very convincing. The email or text usually claims that a high-value purchase has been attempted using your Apple Pay details. It might mention suspicious activity, a blocked transaction, or even a fake case number. The branding looks polished. The formatting feels official. Really? The phone number in the message connects you directly to scammers. The tactic is simple. Create anxiety about losing a significant amount of money, then offer a quick solution 😱 When people believe their account is under threat, they’re more likely to act without double-checking. Once on the phone, the criminals typically try to gather your Apple ID login details, verification codes sent to your device, or card information. With that, they can attempt to take control of your account ⚠️ Here are a few important facts: Apple does not send fraud alerts asking you to call a number included in an email or text message. It also doesn’t use aggressive language suggesting your account will be locked if you don’t respond immediately. That kind of urgency is a common phishing technique 🎣 If you ever receive something like this, check the sender’s email address carefully. It may look genuine at first glance, but small spelling errors or unusual domain names often give it away. Generic greetings like “Hello {Name}” instead of your actual name are another warning sign. It’s also worth remembering that if a payment really were suspicious, your bank would normally step in automatically. Banks tend to block unusual transactions and contact you directly through official channels. You would approve a legitimate payment, not scramble to stop it via a random phone number in a text. If you’re unsure, don’t use any contact details from the message 🚫 Instead, go directly to Apple’s official website yourself and use the support options there. Or check your purchase history on your device: Settings > Tap your name > Media & Purchases > View Account > Purchase History That will show you whether any genuine transactions have taken place. Scammers are becoming more sophisticated. They’re using better branding, cleaner layouts, and fewer obvious mistakes. That makes it even more important to slow down and verify before responding. ❓ If someone in your business received a message like this, would they know to ignore the phone number and check through official channels instead?

Do you use an Android phone for work? 📱 Security researchers have uncovered a new piece of Android malware that can track almost everything you do on it. And I don’t mean basic tracking. We’re talking: 👉 PIN entries 👉 Login credentials 👉 Messages 👉 Banking app activity The clever (and worrying) part is how it spreads 🦠 The app is called TrustBastion. It pretends to be a security tool. Victims see pop-ups or adverts claiming their phone is infected with malware or scam messages. The “solution”? Install this app to clean things up. That fear tactic works more often than you’d think 😱 At first glance, the app looks harmless. But it’s what’s known as a dropper. That means the app itself doesn’t contain the malicious code straight away. Instead, it downloads it after installation. Once installed, it shows a fake “update” screen that looks very similar to official Android or Google Play messages. If you agree, a manipulated APK file (that’s the installation package format Android uses) is downloaded in the background. But the download doesn’t come from some obviously shady server. It comes from Hugging Face, a well-known developer and AI platform with a strong reputation. The infrastructure looks legitimate, so many security tools don’t immediately flag it as suspicious. The attackers hide behind a trusted name. After installation, the malware requests extensive permissions and pretends to be a system component called “Phone Security”. It then asks for Accessibility permissions. Accessibility features are designed to help users with disabilities. But when misused, they give apps the ability to read what’s on your screen, log what you type, and overlay content on top of other apps. That means this malware can: ⚠️ Capture PIN codes and unlock patterns ⚠️ Overlay fake login screens on top of real banking apps ⚠️ Intercept payment details and messages The stolen data is sent back to the attackers’ servers, and the malware can even receive updates or new instructions. To make detection harder, the criminals are using something called server-side polymorphism. That means they generate slightly modified versions of the malware every 15 minutes. Within a month, researchers found more than 6,000 variants. Traditional antivirus tools often look for known “signatures”. If the file keeps changing slightly, it’s harder to block. So, what should you take from this? First: Only install apps from the Google Play Store. Second: Be extremely cautious of apps that claim to clean or secure your phone while asking for deep system permissions. Third: Only enable Accessibility access if you fully understand why the app needs it. And don’t assume that because something’s hosted on a reputable platform, it’s automatically safe. If your business lets staff access email, banking or cloud systems from their phones, mobile security is vital. 🤔 When was the last time you reviewed what apps are installed on your company devices?

If you spend a big chunk of your week inside Microsoft Teams, small changes can make a surprisingly big difference. There are a few new features on the way that are worth knowing about, especially if meetings and collaboration are part of your daily routine. Let’s start with the one I think many people will love 💛 You’ll soon be able to hide the entire meeting control toolbar. You know the bar at the top or bottom of a Teams meeting with mute, camera, share screen, leave, and so on? That can now be completely hidden, giving you more screen space during meetings. If you’re presenting, reviewing a spreadsheet, or looking at detailed content, that extra space matters. It feels cleaner and less cluttered. And this isn’t just a one-time setting. If you choose to hide it, that preference sticks across meetings. Worried you’ll lose control? You won’t. You can bring the toolbar back instantly by hovering your mouse or pressing the Tab key. Keyboard shortcuts for things like mute still work whether the bar is visible or not. It’s a small tweak, but it makes Teams feel less intrusive and more focused. There’s also an upgrade coming to the image viewer 🔎 If someone shares multiple images in a chat, you’ll be able to scroll through all of them in one place. Even better, the viewer will show the original message header so you can jump straight back to where that image was posted. If you’ve ever scrolled endlessly trying to find that screenshot from last week, this will help 📸 Another subtle improvement: Your recently used emojis will sync across Windows and mobile. It sounds minor, but if you use the same handful of emojis regularly (and most of us do), not having to re-find them saves time and friction 🤩 For those who share code snippets in Teams, there are also improvements to code blocks. Better keyboard navigation, line numbers, and the ability to set the code language more easily. That makes technical collaboration smoother and reduces confusion when discussing specific lines. When tools get slightly easier to use every day, productivity improves without anyone noticing why. ❓ If you and your people live in Teams, which would you value more, cleaner meetings, faster navigation, or smarter collaboration features?

The Start menu is one of those things people don’t often think about, unless it changes 😄 Windows 11 has rolled out a redesigned Start menu, and more devices are now seeing it automatically. If it hasn’t appeared on yours yet, it likely will soon. But this isn’t a radical overhaul. It’s more of a tidy-up than a revolution 😅 Microsoft says it wanted to keep the original “Start” promise: A place where you begin your work. But it also wanted it to feel quicker, calmer, and more personal. So, what’s different? At the top, you still have a search bar. That’s intentional. Microsoft wants search to be the fastest way to jump straight to an app, file, or setting. Below that, you’ve got your pinned apps, the shortcuts you choose to keep there. Then comes the part people have strong opinions about… the Recommended section. This shows suggested files and apps based on what you’ve been working on. Microsoft says it added this because people wanted smarter suggestions that learn in real time. But you can now turn it off 🚫 If you don’t like the Recommended feed, you can disable it in: Settings > Personalization > Start. There’s a toggle for showing recommended files and recent items. The catch is that this also switches off recent items in File Explorer and in the taskbar’s right-click menus. It’s not completely isolated. Another noticeable change is how all your apps are displayed. Instead of digging into a long alphabetical list and scrolling endlessly, there’s now a category view. It groups apps together and prioritizes the ones you use most. Microsoft admits it wanted this to feel a bit more like a smartphone layout 📲 Quicker visual scanning, less marathon scrolling. Whether you like that or not will probably come down to personal preference. There’s also an optional Phone Link panel that slides in from the side when you need it and stays hidden when you don’t. It’s designed to make your connected phone feel closer to your desktop without cluttering the interface. Now, here’s the honest bit. If you already disliked the current Windows 11 Start menu, this probably won’t change your mind. It’s an evolution, not a throwback to Windows 7. And no, you still can’t move the taskbar. Microsoft says that would break the UI flow and animations, which hasn’t silenced the debate 🤫 The bigger question is practical: Does this make it faster for your team to find what they need? Because when someone wastes 30 seconds hunting for an app, ten times a day, across twenty employees… that adds up. 💬 When you use your PC, do you mostly click pinned apps, or do you rely on search to find everything?

Have you ever gone into Windows settings to check your storage… and been hit with one of those “Do you want to allow this?” pop-ups? That’s not random 😱 Windows 11 has introduced a security change that affects the Storage section inside Settings. Now, when you open Settings → System → Storage, Windows triggers a User Account Control (UAC) prompt. UAC is the security pop-up that asks for permission before allowing changes that could affect the system. If you’re using an admin account, you click “Yes” and carry on as normal. But if you’re not an admin, and on a business machine where staff have standard user accounts you may not be, you’ll be blocked from accessing the Storage panel unless you enter the admin password. In simple terms, Windows is putting a small lock on the storage controls 🔐 Storage settings allow you to delete files, manage drives, and remove system data. If someone with limited access decided to start “cleaning up” without understanding what they were deleting, it could cause problems. It also adds a minor extra hurdle if an unauthorized person gains access to the machine locally. It’s not going to stop a determined attacker on its own, but layered security is about reducing easy wins. From a business perspective, this is sensible. In most companies, staff shouldn’t have full control over system storage anyway. Limiting access to more sensitive settings reduces accidental damage. The only slightly awkward part is that this change arrived without warning. The first time the pop-up appears, it can feel confusing because it didn’t happen before. It also adds an extra click to what used to be a seamless process. There’s also a small wrinkle at the moment. Some temporary file cleanup options (related to old Windows updates and drivers) seem to have disappeared from the Storage panel. They can still be removed using the older Disk Cleanup tool, but Microsoft will likely tidy that up. Overall, I’d rather see Windows lean slightly more secure than slightly more convenient, wouldn’t you? 👉 Are your team members using standard accounts or does everyone still have admin access just in case?

If I asked you where your biggest security risks sit, you’d probably say email, passwords, or maybe remote access, right? Very few business owners would point at Excel or PowerPoint. And yet, Office apps are one of the most common entry points attackers use ☠️ That’s why Microsoft has released an updated security baseline for Microsoft 365 Office apps. It’s a tightening of the screws behind the scenes 🪛 In simple terms, a security baseline is Microsoft’s recommended “secure settings template”. IT admins can apply it to make Word, Excel, PowerPoint and the rest more resistant to modern attack methods. This latest version focuses heavily on reducing the risk created by older components and external connections. Take Excel, for example. If a spreadsheet contains a link to pull in data from an external source, and that source is blocked under your security rules, Excel will now refuse to refresh it. You will see an error instead. Attackers often hide malicious data connections inside spreadsheets. If Excel automatically reaches out to an untrusted source, that can create an opportunity for compromise. Stopping that automatic refresh removes a potential weakness. In PowerPoint, Microsoft is disabling OLE content. OLE (Object Linking and Embedding) is a long-standing technology that allows content from other applications to be embedded into files. It has legitimate uses, but it has also been exploited in the past. Reducing reliance on older embedding mechanisms lowers the risk profile. Across all Microsoft 365 apps, there are further changes, including: 🔒 Blocking documents that try to use non-HTTPS web connections (HTTPS is the encrypted, secure version of web traffic) 🔒Disabling older graph components that aren’t widely used anymore 🔒 Turning off legacy add-ins like the classic OrgChart 🔒 Preventing fallback to outdated network protocols Microsoft is steadily moving businesses away from older technologies that attackers know how to abuse. For you, the important thing is this: These stronger settings need to be deployed by your IT team using Microsoft’s Security Compliance Toolkit. They don’t automatically switch on everywhere. 🤔 When was the last time someone reviewed how your Office apps are configured, not just whether they’re up to date?

If you’ve ever logged into SharePoint late at night to fix something quickly, you’ll understand this one 😅 Microsoft is adding dark mode to the SharePoint admin center. Now, before you think this is just a cosmetic tweak, hear me out 👂 For years, most of the Microsoft 365 admin portals have supported dark mode. Exchange. Teams. The main Microsoft 365 admin center. But SharePoint? Bright white screen. Every time. If you prefer dark mode (and a lot of people do), jumping into SharePoint always felt a bit… jarring. That’s finally being fixed 🎉 Admins will now be able to switch between light and dark themes inside the SharePoint admin center. It’s optional. Nothing is being forced on anyone. And importantly: • This doesn’t change any settings • It doesn’t affect end users • It doesn’t require any preparation • It’s purely about visual comfort and accessibility Dark mode reduces the amount of bright light your screen emits. For people working long hours, or logging in during the evening to deal with an issue, it can reduce eye strain and make the experience more comfortable 🌙 It’s not going to revolutionize your business, but small quality-of-life improvements matter more than people think. There’s also a consistency benefit here. If you’ve already chosen dark mode across other Microsoft 365 portals, SharePoint will now align with that preference instead of standing out like a floodlight. Switching it on is simple: Open the SharePoint admin center from the Microsoft 365 admin portal and use the Dark Mode toggle in the top right. That’s it. I often say that good IT isn’t always about dramatic new features. Sometimes it’s about making everyday tools slightly more pleasant to use. 👀 If you regularly manage SharePoint, do you prefer dark mode across your tools or are you still sticking with the classic bright white screens?