If your business website runs on WordPress, here’s a quick check for you 🔎
There’s a popular plugin called Quiz and Survey Master (QSM).
It’s used by more than 40,000 websites to create quizzes, surveys and forms without needing any coding.
Unfortunately, versions 10.3.1 and older were recently found to have a serious security flaw.
The issue is what’s known as an SQL injection vulnerability.
SQL is the language used to talk to a website’s database, the part that stores things like user accounts, submissions, and other important data.
An SQL injection flaw means someone can sneak malicious commands into that database.
In this case, any logged-in user, even someone with a basic subscriber account, could potentially inject commands into the system.
That could allow actions like:
🚫 Accessing sensitive data
🚫 Extracting information from the database
🚫 Manipulating content
The vulnerability is tracked as CVE-2025-67987, and it was fixed in version 10.3.2.
The latest version available is 10.3.5, which is the safest bet.
Based on https://t.co/7oVZWfY0lC data, just over half of websites using QSM are on version 10.3. That means a large number are likely still vulnerable.
That’s potentially tens of thousands of sites.
Right now, there’s no confirmed evidence of this flaw being actively exploited. But once a vulnerability is public, attackers often start scanning the internet looking for unpatched sites.
👉 If your site uses this plugin, the solution is straightforward: Update it immediately 👈
More broadly, this is a reminder of something I say often to business owners: WordPress itself isn’t usually the weak link. It’s the plugins.
Every plugin you install adds functionality but also adds potential risk.
If you’re not actively using a plugin or theme, it shouldn’t just be deactivated. It should be deleted from the server completely.
Websites aren’t a set and forget asset. They’re part of your digital infrastructure.
If they’re vulnerable, they can become an entry point into your wider systems. Especially if admin accounts reuse passwords across services.
❓ When was the last time someone checked which plugins your website is running and whether they’re fully up to date?
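A check that answers that question for the QSM case above, added here as an example and not code from the plugin, the advisory or the original post. It assumes QSM's plugin directory slug is `quiz-master-next` and that each site's inventory is the JSON that WP-CLI's `wp plugin list --format=json` emits (fields name/status/update/version); the sample inventory is constructed.

```python
"""Audit WP-CLI plugin inventories for vulnerable or unused copies of QSM.

Example code. Assumptions not taken from the post: the plugin slug
"quiz-master-next" and the WP-CLI JSON field names; the inventory is constructed.
"""
import json
import re

QSM_SLUG = "quiz-master-next"   # assumed directory slug for Quiz and Survey Master
PATCHED_VERSION = "10.3.2"      # first release with the fix, per the advisory
CVE_ID = "CVE-2025-67987"
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def parse_version(version: str) -> tuple:
    """Turn "10.3.1" into (10, 3, 1) so versions compare numerically.

    A plain string comparison would rank "10.3.10" below "10.3.2"; integer
    tuples do not. A pre-release suffix such as "-beta" is ignored.
    """
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))


def is_vulnerable(version: str, patched: str = PATCHED_VERSION) -> bool:
    """True when the installed version predates the patched release."""
    return parse_version(version) < parse_version(patched)


def audit_site(site: str, plugin_list_json: str) -> list[dict]:
    """Check one site's `wp plugin list --format=json` output for QSM.

    A deactivated but still installed vulnerable copy is reported too: the
    code is still on the server, and the post's advice is to delete unused
    plugins outright rather than leave them deactivated.
    """
    findings = []
    for plugin in json.loads(plugin_list_json):
        if plugin.get("name") != QSM_SLUG:
            continue
        version = plugin.get("version", "0")
        status = plugin.get("status", "unknown")
        if is_vulnerable(version):
            active = status == "active"
            findings.append({
                "site": site,
                "version": version,
                "status": status,
                "issue": f"{CVE_ID}: QSM {version} is older than {PATCHED_VERSION}",
                "action": ("update to the latest release now" if active
                           else "delete the plugin (inactive but still installed)"),
                "severity": "high" if active else "medium",
            })
        elif status == "inactive":
            findings.append({
                "site": site,
                "version": version,
                "status": status,
                "issue": "QSM is installed but not in use",
                "action": "delete the plugin from the server",
                "severity": "low",
            })
    return findings


def audit_estate(inventory: dict) -> list[dict]:
    """inventory maps a site name to its raw `wp plugin list --format=json` output."""
    findings = []
    for site, raw_json in inventory.items():
        findings.extend(audit_site(site, raw_json))
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])


# Constructed sample: five sites, in the shape WP-CLI produces.
SAMPLE_INVENTORY = {
    "shop.example": '[{"name":"quiz-master-next","status":"active","update":"available","version":"10.3.1"},'
                    '{"name":"akismet","status":"active","update":"none","version":"5.3"}]',
    "blog.example": '[{"name":"quiz-master-next","status":"inactive","update":"available","version":"10.2.0"}]',
    "brochure.example": '[{"name":"quiz-master-next","status":"active","update":"none","version":"10.3.5"}]',
    "intranet.example": '[{"name":"quiz-master-next","status":"inactive","update":"none","version":"10.3.10"}]',
    "docs.example": '[{"name":"akismet","status":"active","update":"none","version":"5.3"}]',
}

if __name__ == "__main__":
    for f in audit_estate(SAMPLE_INVENTORY):
        print(f"[{f['severity']:<6}] {f['site']:<18} {f['issue']} -> {f['action']}")
```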
If you’ve ever tried to get an AI tool to understand a whole project instead of just one document, you’ll appreciate this…
Microsoft has introduced something called Copilot Agents in OneDrive.
And this is where AI starts to feel a bit more useful for real-world business work 🤖
Here’s the problem it’s trying to solve.
Normally, if you ask Copilot to summarize or analyze something, you’re doing it one file at a time. One Word document. One spreadsheet. One PowerPoint.
But projects don’t live in one file.
They live across proposals, meeting notes, budgets, timelines, research documents, and email summaries.
With OneDrive Agents, you can now select up to 20 related files and bundle them together into what’s saved as a .agent file.
Instead of asking: “Summarize this file…”
You can ask: “What deadlines are coming up across this whole project?”
“Where are the risks?”
“What did we agree in the last three meetings?”
And it has the context of all the selected files, not just one.
The agent behaves like other AI tools. It can summarize, answer questions, surface key points. But it’s operating with a broader understanding.
Even better, these agents are saved as files inside OneDrive.
That means you can share the .agent file with colleagues. They don’t need to recreate the setup themselves. You’re all working from the same AI “view” of the project.
As projects evolve, you can add or remove documents from the agent or refine the instructions it uses.
It stays aligned with the latest information instead of becoming outdated.
Right now, this feature is available to people with a Microsoft 365 Copilot license accessing OneDrive via the web.
It’s clearly still evolving. Microsoft is asking for feedback, which suggests it’s watching closely to see how businesses use it.
From a business owner’s perspective, the real value is reducing the time spent hunting across folders, trying to piece together context.
If AI can help you understand a whole project in one place instead of ten separate files, that’s meaningful productivity.
🤔 The question is, would you trust an AI agent to interpret multiple important documents at once, or would you still prefer to read everything yourself?
If you receive a message saying a large Apple Pay payment has been blocked and you need to call a number urgently…
STOP 🚩
There’s a new scam circulating that targets Apple users, and it’s very convincing.
The email or text usually claims that a high-value purchase has been attempted using your Apple Pay details.
It might mention suspicious activity, a blocked transaction, or even a fake case number. The branding looks polished. The formatting feels official.
In reality, the phone number in the message connects you directly to scammers.
The tactic is simple.
Create anxiety about losing a significant amount of money, then offer a quick solution 😱
When people believe their account is under threat, they’re more likely to act without double-checking.
Once on the phone, the criminals typically try to gather your Apple ID login details, verification codes sent to your device, or card information.
With that, they can attempt to take control of your account ⚠️
Here are a few important facts:
Apple does not send fraud alerts asking you to call a number included in an email or text message.
It also doesn’t use aggressive language suggesting your account will be locked if you don’t respond immediately.
That kind of urgency is a common phishing technique 🎣
If you ever receive something like this, check the sender’s email address carefully.
It may look genuine at first glance, but small spelling errors or unusual domain names often give it away.
Generic greetings like “Hello {Name}” instead of your actual name are another warning sign.
It’s also worth remembering that if a payment really were suspicious, your bank would normally step in automatically.
Banks tend to block unusual transactions and contact you directly through official channels.
You would approve a legitimate payment, not scramble to stop it via a random phone number in a text.
If you’re unsure, don’t use any contact details from the message 🚫
Instead, go directly to Apple’s official website yourself and use the support options there.
Or check your purchase history on your device: Settings > Tap your name > Media & Purchases > View Account > Purchase History
That will show you whether any genuine transactions have taken place.
Scammers are becoming more sophisticated. They’re using better branding, cleaner layouts, and fewer obvious mistakes.
That makes it even more important to slow down and verify before responding.
❓ If someone in your business received a message like this, would they know to ignore the phone number and check through official channels instead?
Do you use an Android phone for work? 📱
Security researchers have uncovered a new piece of Android malware that can track almost everything you do on it.
And I don’t mean basic tracking.
We’re talking:
👉 PIN entries
👉 Login credentials
👉 Messages
👉 Banking app activity
The clever (and worrying) part is how it spreads 🦠
The app is called TrustBastion.
It pretends to be a security tool. Victims see pop-ups or adverts claiming their phone is infected with malware or scam messages.
The “solution”? Install this app to clean things up.
That fear tactic works more often than you’d think 😱
At first glance, the app looks harmless. But it’s what’s known as a dropper.
That means the app itself doesn’t contain the malicious code straight away. Instead, it downloads it after installation.
Once installed, it shows a fake “update” screen that looks very similar to official Android or Google Play messages.
If you agree, a manipulated APK file (that’s the installation package format Android uses) is downloaded in the background.
But the download doesn’t come from some obviously shady server. It comes from Hugging Face, a well-known developer and AI platform with a strong reputation.
The infrastructure looks legitimate, so many security tools don’t immediately flag it as suspicious. The attackers hide behind a trusted name.
After installation, the malware requests extensive permissions and pretends to be a system component called “Phone Security”.
It then asks for Accessibility permissions.
Accessibility features are designed to help users with disabilities. But when misused, they give apps the ability to read what’s on your screen, log what you type, and overlay content on top of other apps.
That means this malware can:
⚠️ Capture PIN codes and unlock patterns
⚠️ Overlay fake login screens on top of real banking apps
⚠️ Intercept payment details and messages
The stolen data is sent back to the attackers’ servers, and the malware can even receive updates or new instructions.
To make detection harder, the criminals are using something called server-side polymorphism.
That means they generate slightly modified versions of the malware every 15 minutes.
Within a month, researchers found more than 6,000 variants.
Traditional antivirus tools often look for known “signatures”. If the file keeps changing slightly, it’s harder to block.
So, what should you take from this?
First: Only install apps from the Google Play Store.
Second: Be extremely cautious of apps that claim to clean or secure your phone while asking for deep system permissions.
Third: Only enable Accessibility access if you fully understand why the app needs it.
And don’t assume that because something’s hosted on a reputable platform, it’s automatically safe.
If your business lets staff access email, banking or cloud systems from their phones, mobile security is vital.
🤔 When was the last time you reviewed what apps are installed on your company devices?
If you spend a big chunk of your week inside Microsoft Teams, small changes can make a surprisingly big difference.
There are a few new features on the way that are worth knowing about, especially if meetings and collaboration are part of your daily routine.
Let’s start with the one I think many people will love 💛
You’ll soon be able to hide the entire meeting control toolbar.
You know the bar at the top or bottom of a Teams meeting with mute, camera, share screen, leave, and so on?
That can now be completely hidden, giving you more screen space during meetings.
If you’re presenting, reviewing a spreadsheet, or looking at detailed content, that extra space matters. It feels cleaner and less cluttered.
And this isn’t just a one-time setting. If you choose to hide it, that preference sticks across meetings.
Worried you’ll lose control?
You won’t.
You can bring the toolbar back instantly by hovering your mouse or pressing the Tab key.
Keyboard shortcuts for things like mute still work whether the bar is visible or not.
It’s a small tweak, but it makes Teams feel less intrusive and more focused.
There’s also an upgrade coming to the image viewer 🔎
If someone shares multiple images in a chat, you’ll be able to scroll through all of them in one place.
Even better, the viewer will show the original message header so you can jump straight back to where that image was posted.
If you’ve ever scrolled endlessly trying to find that screenshot from last week, this will help 📸
Another subtle improvement: Your recently used emojis will sync across Windows and mobile.
It sounds minor, but if you use the same handful of emojis regularly (and most of us do), not having to re-find them saves time and friction 🤩
For those who share code snippets in Teams, there are also improvements to code blocks.
Better keyboard navigation, line numbers, and the ability to set the code language more easily.
That makes technical collaboration smoother and reduces confusion when discussing specific lines.
When tools get slightly easier to use every day, productivity improves without anyone noticing why.
❓ If you and your people live in Teams, which would you value more, cleaner meetings, faster navigation, or smarter collaboration features?
The Start menu is one of those things people don’t often think about, unless it changes 😄
Windows 11 has rolled out a redesigned Start menu, and more devices are now seeing it automatically.
If it hasn’t appeared on yours yet, it likely will soon.
But this isn’t a radical overhaul. It’s more of a tidy-up than a revolution 😅
Microsoft says it wanted to keep the original “Start” promise: A place where you begin your work. But it also wanted it to feel quicker, calmer, and more personal.
So, what’s different?
At the top, you still have a search bar. That’s intentional. Microsoft wants search to be the fastest way to jump straight to an app, file, or setting.
Below that, you’ve got your pinned apps, the shortcuts you choose to keep there.
Then comes the part people have strong opinions about… the Recommended section.
This shows suggested files and apps based on what you’ve been working on. Microsoft says it added this because people wanted smarter suggestions that learn in real time.
But you can now turn it off 🚫
If you don’t like the Recommended feed, you can disable it in: Settings > Personalization > Start.
There’s a toggle for showing recommended files and recent items.
The catch is that this also switches off recent items in File Explorer and in the taskbar’s right-click menus. It’s not completely isolated.
Another noticeable change is how all your apps are displayed.
Instead of digging into a long alphabetical list and scrolling endlessly, there’s now a category view. It groups apps together and prioritizes the ones you use most.
Microsoft admits it wanted this to feel a bit more like a smartphone layout 📲
Quicker visual scanning, less marathon scrolling.
Whether you like that or not will probably come down to personal preference.
There’s also an optional Phone Link panel that slides in from the side when you need it and stays hidden when you don’t. It’s designed to make your connected phone feel closer to your desktop without cluttering the interface.
Now, here’s the honest bit.
If you already disliked the current Windows 11 Start menu, this probably won’t change your mind. It’s an evolution, not a throwback to Windows 7.
And no, you still can’t move the taskbar. Microsoft says that would break the UI flow and animations, which hasn’t silenced the debate 🤫
The bigger question is practical: Does this make it faster for your team to find what they need?
Because when someone wastes 30 seconds hunting for an app, ten times a day, across twenty employees… that adds up.
💬 When you use your PC, do you mostly click pinned apps, or do you rely on search to find everything?
Have you ever gone into Windows settings to check your storage… and been hit with one of those “Do you want to allow this?” pop-ups?
That’s not random 😱
Windows 11 has introduced a security change that affects the Storage section inside Settings.
Now, when you open Settings → System → Storage, Windows triggers a User Account Control (UAC) prompt.
UAC is the security pop-up that asks for permission before allowing changes that could affect the system.
If you’re using an admin account, you click “Yes” and carry on as normal.
But if you’re not an admin (and on a business machine where staff have standard user accounts, you may not be), you’ll be blocked from accessing the Storage panel unless you enter the admin password.
In simple terms, Windows is putting a small lock on the storage controls 🔐
Storage settings allow you to delete files, manage drives, and remove system data.
If someone with limited access decided to start “cleaning up” without understanding what they were deleting, it could cause problems.
It also adds a minor extra hurdle if an unauthorized person gains access to the machine locally.
It’s not going to stop a determined attacker on its own, but layered security is about reducing easy wins.
From a business perspective, this is sensible.
In most companies, staff shouldn’t have full control over system storage anyway. Limiting access to more sensitive settings reduces accidental damage.
The only slightly awkward part is that this change arrived without warning. The first time the pop-up appears, it can feel confusing because it didn’t happen before.
It also adds an extra click to what used to be a seamless process.
There’s also a small wrinkle at the moment. Some temporary file cleanup options (related to old Windows updates and drivers) seem to have disappeared from the Storage panel.
They can still be removed using the older Disk Cleanup tool, but Microsoft will likely tidy that up.
Overall, I’d rather see Windows lean slightly more secure than slightly more convenient, wouldn’t you?
👉 Are your team members using standard accounts or does everyone still have admin access just in case?
If I asked you where your biggest security risks sit, you’d probably say email, passwords, or maybe remote access, right?
Very few business owners would point at Excel or PowerPoint.
And yet, Office apps are one of the most common entry points attackers use ☠️
That’s why Microsoft has released an updated security baseline for Microsoft 365 Office apps.
It’s a tightening of the screws behind the scenes 🪛
In simple terms, a security baseline is Microsoft’s recommended “secure settings template”.
IT admins can apply it to make Word, Excel, PowerPoint and the rest more resistant to modern attack methods.
This latest version focuses heavily on reducing the risk created by older components and external connections.
Take Excel, for example. If a spreadsheet contains a link to pull in data from an external source, and that source is blocked under your security rules, Excel will now refuse to refresh it.
You will see an error instead.
Attackers often hide malicious data connections inside spreadsheets.
If Excel automatically reaches out to an untrusted source, that can create an opportunity for compromise.
Stopping that automatic refresh removes a potential weakness.
In PowerPoint, Microsoft is disabling OLE content.
OLE (Object Linking and Embedding) is a long-standing technology that allows content from other applications to be embedded into files.
It has legitimate uses, but it has also been exploited in the past. Reducing reliance on older embedding mechanisms lowers the risk profile.
Across all Microsoft 365 apps, there are further changes, including:
🔒 Blocking documents that try to use non-HTTPS web connections (HTTPS is the encrypted, secure version of web traffic)
🔒 Disabling older graph components that aren’t widely used anymore
🔒 Turning off legacy add-ins like the classic OrgChart
🔒 Preventing fallback to outdated network protocols
Microsoft is steadily moving businesses away from older technologies that attackers know how to abuse.
For you, the important thing is this: These stronger settings need to be deployed by your IT team using Microsoft’s Security Compliance Toolkit. They don’t automatically switch on everywhere.
🤔 When was the last time someone reviewed how your Office apps are configured, not just whether they’re up to date?
If you’ve ever logged into SharePoint late at night to fix something quickly, you’ll understand this one 😅
Microsoft is adding dark mode to the SharePoint admin center.
Now, before you think this is just a cosmetic tweak, hear me out 👂
For years, most of the Microsoft 365 admin portals have supported dark mode. Exchange. Teams. The main Microsoft 365 admin center.
But SharePoint? Bright white screen.
Every time.
If you prefer dark mode (and a lot of people do), jumping into SharePoint always felt a bit… jarring.
That’s finally being fixed 🎉
Admins will now be able to switch between light and dark themes inside the SharePoint admin center.
It’s optional. Nothing is being forced on anyone.
And importantly:
• This doesn’t change any settings
• It doesn’t affect end users
• It doesn’t require any preparation
• It’s purely about visual comfort and accessibility
Dark mode reduces the amount of bright light your screen emits. For people working long hours, or logging in during the evening to deal with an issue, it can reduce eye strain and make the experience more comfortable 🌙
It’s not going to revolutionize your business, but small quality-of-life improvements matter more than people think.
There’s also a consistency benefit here.
If you’ve already chosen dark mode across other Microsoft 365 portals, SharePoint will now align with that preference instead of standing out like a floodlight.
Switching it on is simple: Open the SharePoint admin center from the Microsoft 365 admin portal and use the Dark Mode toggle in the top right.
That’s it.
I often say that good IT isn’t always about dramatic new features. Sometimes it’s about making everyday tools slightly more pleasant to use.
👀 If you regularly manage SharePoint, do you prefer dark mode across your tools or are you still sticking with the classic bright white screens?
One of the most common frustrations I see inside growing businesses isn’t technical, it’s this:
“Who in the company knows how to do this?” 🤔
You’ve got 15, 30, maybe 80 people. Talent everywhere.
But when a specific task pops up (a data protection question, a Power BI report, a tweak to the client onboarding process), you’re not always sure who’s best placed to handle it.
Microsoft Teams is about to make that easier.
A new feature is being added that lets people list their skills directly on their Microsoft 365 profile card inside Teams.
When you click on someone’s name in Teams, you’ll be able to see what they’re good at, not just their job title.
Say goodbye to “Accounts Manager” or “IT Technician.”
Say hello to skills like:
📍 Contract negotiation
📍 Cybersecurity audits
📍 Excel automation
📍 Client presentations
📍 HR compliance
It means managers can quickly see who’s suited to a project. Colleagues can discover hidden expertise. And individuals can manage how they’re perceived inside the business.
Microsoft describes it as making it easier to learn about colleagues and build meaningful connections within the everyday flow of work.
I like that.
Because in most businesses the knowledge already exists. It’s just buried.
This update will be available for Teams on Windows and Mac, and it fits into a broader push to make Teams more practical day-to-day.
As companies grow, informal knowledge sharing breaks down. In a small team of five, everyone knows who does what. In a team of ten, thirty, or fifty, that clarity disappears.
If Teams becomes a lightweight internal skills directory, it reduces friction. And friction is what slows businesses down.
The key question is whether people will keep their profiles updated. Tools only work if humans use them 😊
💬 If this rolled out in your business tomorrow, would your team’s hidden talents become visible, or would most profiles still be blank?
There are a few Windows 11 features that are genuinely worth your attention right now 👍
Let me walk you through the ones that could make a difference in your business…
1️⃣ Smart App Control
This checks any app you try to install against Microsoft’s threat database.
If something looks suspicious, it blocks it. That can stop malware before it ever lands on your PC 🛑
Previously, there was a strange catch: If you turned it off (say, to install something you trusted), you couldn’t turn it back on again unless you reinstalled Windows completely. Which no one is doing casually.
That’s now fixed 🥳
You can switch it on and off properly. Which means it’s finally practical to use.
2️⃣ Pick up where you left off (Android → PC)
If you use an Android phone alongside your Windows PC, you can now resume more apps directly on your desktop.
Let’s say you were editing a document or working inside an app on your phone. When you sit down at your PC, Windows can offer to continue from that exact point.
It already worked with some apps like Word, Excel, Spotify and certain browsers. Now that resume ability is expanding, including files opened inside the Copilot app (as long as they’re stored online).
It’s one of those features you don’t realize you need, until you use it a few times and see how it saves small pockets of time every day ⏱️
3️⃣ Voice access and typing improvements
Voice Access lets you control your PC using spoken commands.
Now there’s a setup wizard that makes getting started much easier.
There’s also more control over voice typing. You can choose how quickly commands are executed after you speak.
That means near-instant action if you want it, or a slight pause if you tend to think out loud mid-sentence.
For accessibility, productivity, or even just reducing keyboard fatigue, this is powerful.
4️⃣ File Explorer gets a performance boost
File Explorer is the tool that lets you browse files and folders.
If you’ve ever clicked into a shared network folder and waited… and waited… you’ll appreciate this.
Performance has been improved specifically for accessing folders over a network. If your business stores files on a server or shared drive, that can make daily work smoother.
It’s not dramatic. But when something you use dozens of times a day gets quicker, you feel it.
5️⃣ Handy device info at a glance
Inside Settings, you now get simple “device info” cards showing your CPU, memory (RAM), storage and graphics.
If you’ve ever wondered, “Do we have enough memory on this machine?” it’s easier to check without digging through menus.
While none of this is headline-grabbing, taken together, it shows Windows becoming more practical, more connected to your other devices, and a bit more security-focused.
And that’s the direction most businesses need.
🤔 Which of these would make the biggest difference in your day-to-day work? Security, speed, or cross-device flexibility?
I’ve seen a few scary headlines recently about printers “no longer being supported” in Windows.
Have you?
Well, let me save you a mild panic attack 😅
Your printer is not about to stop working.
Microsoft confirmed that it has stopped publishing new V3 and V4 printer drivers through Windows Update.
That sounds dramatic. It isn’t.
First, a quick bit of translation.
A printer driver is a piece of software that allows your computer to talk to your printer. Without it, your PC and printer can’t understand each other.
For years, many printers used something called V3 or V4 drivers. These are just older driver models.
Microsoft announced back in 2023 that they were phasing these out.
This has been a slow, planned transition, not a sudden switch-off.
So, what changes this year?
👉 Microsoft will stop publishing new V3 and V4 drivers to Windows Update
👉 Existing printers using those drivers will continue to work
👉 You can still install drivers from the manufacturer (HP, Canon, etc.) if needed.
Windows isn’t deleting or blocking printers.
It isn’t turning them into expensive paperweights 🖨️
In fact, Windows 11 already includes built-in support for something called Mopria printers.
Mopria is a modern printing standard that’s been around since about 2014. If your printer supports it (many do), Windows already has what it needs built in.
That means plug-and-play without extra downloads.
Microsoft is moving toward this more modern, built-in approach instead of relying on lots of third-party driver packages.
There are a few milestone dates to be aware of:
🗓️ January 2026: No new V3/V4 drivers published to Windows Update
🗓️ July 2026: Windows will prefer the newer built-in IPP driver automatically
🗓️ July 2027: Third-party updates via Windows Update mostly blocked (except security fixes)
But Windows will still allow vendor-supplied installer packages. So, if your printer manufacturer provides a driver on their website, you can still install it.
That said, if you’re running very old printers in a business environment, this is a gentle nudge to review them. Not because they’ll suddenly fail, but because older hardware often becomes harder to manage and secure over time.
👉 If you’re honest, how old is the oldest printer in your office right now? And would it cause chaos if it stopped working tomorrow?
Something new has come to Microsoft Copilot recently, and I think you’re going to like this one 👍
It’s called Reminders.
Now before you roll your eyes and think, “I already have reminders on my phone,” stick with me.
This isn’t a basic alarm, it’s built into Copilot, Microsoft’s AI assistant.
And interestingly, you don’t need to pay for the Copilot subscription to use it. Even free users have access (with a few limits).
You can say something like: “Remind me to cancel my Microsoft 365 subscription in five minutes.”
And Copilot will send an alert to your mobile device.
Or: “Remind me every Monday at 8am to review my presentation.”
It understands dates and times automatically. You don’t need to fiddle around with settings or formats. It knows what “in five minutes” means.
It even works for recurring reminders.
You could say: “Teach me a new Spanish word every day at 9am.”
And it will send something different each time.
That’s clever 😊
A few important things to know:
• The reminders are sent to your mobile device only. So, you need the Copilot app installed on your Android or iPhone, and notifications must be turned on. If you’ve disabled permissions, nothing will pop up.
• Free users can create up to 5 reminders.
• If you have a Microsoft 365 Copilot subscription, you can have up to 20.
• You manage them inside the Copilot mobile app under Settings.
AI tools are all racing to become all-rounders. They don’t just want to answer questions anymore. They want to organize your day.
You’re effectively talking to your task system instead of typing into it.
There are also a few other updates happening with Copilot.
You can now pin chats, share conversations easily, create summaries from them, and even use a new Study & Learn mode that helps generate quizzes and flashcards.
It’s becoming more of a personal assistant than a simple chatbot 🤖
One thing I do tell clients though: Don’t rely on a single tool for mission-critical reminders just yet. Think of this as a helpful extra layer, not a replacement for proper diary systems.
Still… it’s a nice step forward.
💬 Would you trust an AI assistant to manage your reminders, or do you still prefer the old-school calendar approach?
I had a conversation recently with a business owner who said, “We’re fine. We use Macs.” 🙂
I completely understand that thinking.
For years, Windows PCs were seen as the main target for cybercriminals. Macs felt safer.
But it’s no longer the case.
Recent research shows that macOS is now just as interesting to hackers as Windows. And the way they’re attacking businesses has evolved in some clever (and worrying) ways.
One of the biggest trends right now is something called info stealer malware ☠️
Info stealers are small programs designed to collect sensitive information from your computer and send it back to criminals. We’re talking about:
⚠️ Saved browser sessions (so they don’t even need your password)
⚠️ Keychains (where Macs store credentials)
⚠️ Cloud access tokens (digital “keys” that keep you logged into services like Microsoft 365 or Google Workspace)
⚠️ Developer credentials
⚠️ Even cryptocurrency wallets
Once they have that, they can take over accounts, send fake invoices, launch ransomware, or access your cloud systems without you realizing 😬
And here’s the most worrying part: They’re not always breaking in through obvious malware downloads 🦠
Microsoft recently reported attackers using fake error messages (a trick known as social engineering).
For example, a pop-up might say there’s a problem with your system and offer a “fix”.
You download what looks like a normal Mac installer file (a DMG file, the standard Mac installation format) and that’s when the malware drops in.
They’ve also seen fake ads on Google promoting things like PDF editors. You click, download, and it looks legitimate. Behind the scenes, it installs an info stealer and sets itself up to stay on the machine.
Even worse, some criminals are hijacking WhatsApp accounts and using them to spread malicious links to trusted contacts. When it comes from someone you know, your guard drops.
What’s changed is the speed and flexibility of these attacks.
Some of the malware is written in cross-platform languages like Python, which means it can easily run on both Windows and Mac environments. That makes it easier for attackers to hit mixed businesses.
Staying protected isn’t about which operating system you use anymore. It’s about how well protected and monitored your systems are 👀
Staff awareness matters. Good security software matters. Monitoring unusual activity matters. And making sure your cloud services are properly secured matters a lot.
🤔 If you’re a Mac-based business, or a mix of Mac and Windows, do you feel confident you’d spot something like this before damage was done?
This is one of those stories that reminds us why “I’ll update it later” can be risky 😬
A critical vulnerability has been discovered in a popular WordPress plugin called Advanced Custom Fields: Extended.
It puts around 50,000 websites at risk of full takeover.
To understand why this matters, a bit of context helps.
WordPress powers a huge portion of the web. Many sites rely on plugins to add extra functionality, and one of the most widely used is Advanced Custom Fields (ACF).
It lets developers add custom content fields to pages and posts.
ACF Extended is a separate add-on plugin that builds on ACF, adding even more flexibility.
The problem is that certain versions of this plugin didn’t properly enforce role restrictions when creating or updating users through forms.
Under the right conditions, someone who isn’t logged in at all could create a new user account and assign themselves the administrator role.
And administrator access on a WordPress site means everything. Content, users, plugins, themes… full control.
Now, there is an important caveat.
This isn’t an exploit that affects every site automatically.
For the vulnerability to be abused, a site needs to be using specific user creation or update forms with role mapping enabled.
That reduces the immediate blast radius.
But the CVSS severity rating is still 9.8 out of 10, which tells you how bad things could get if the conditions are right.
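To make the flaw class concrete, here is an added example in generic Python (not the plugin’s PHP and not its actual code): a user-creation form handler that trusts a “role” field from the request, beside a hardened one that only honours role mapping from a server-side allow-list and only when the submitter is an administrator. The role names are WordPress’s built-in ones; the “actor_is_admin” flag stands in for a real capability check (in WordPress itself that would be is_user_logged_in() plus current_user_can('promote_users'), with a fixed role passed to wp_insert_user()).

```python
"""Role mapping in a user-creation form: unsafe pattern beside a hardened one.

Added illustration of the vulnerability class described above; it does not
reproduce ACF Extended's code.  DEFAULT_ROLE and the capability model are
assumptions for the demo.
"""

# WordPress's built-in roles, lowest privilege first.
ROLE_RANK = {"subscriber": 0, "contributor": 1, "author": 2, "editor": 3, "administrator": 4}

# Role every front-end sign-up gets unless an authorised actor says otherwise.
DEFAULT_ROLE = "subscriber"


class Forbidden(Exception):
    """Raised when a submission tries to assign a role it is not allowed to."""


def create_user_unsafe(form, actor_is_admin=False):
    """Vulnerable: the role comes straight from the request body, so an
    unauthenticated visitor can simply post role=administrator."""
    return {"login": form["login"], "role": form.get("role", DEFAULT_ROLE)}


def create_user_hardened(form, actor_is_admin=False, allowed_roles=frozenset({DEFAULT_ROLE})):
    """Hardened: three independent checks, any one of which blocks the attack.

    1. The requested role must be one the site actually defines.
    2. The form may only map roles that the site owner allow-listed for it.
    3. Anything above the default role requires an actor who may promote users
       (modelled as actor_is_admin; anonymous visitors are never admins).
    """
    requested = form.get("role", DEFAULT_ROLE)
    if requested not in ROLE_RANK:
        raise Forbidden(f"unknown role {requested!r}")
    if requested != DEFAULT_ROLE:
        if requested not in allowed_roles:
            raise Forbidden(f"this form is not configured to map role {requested!r}")
        if not actor_is_admin:
            raise Forbidden("only an administrator may assign roles")
    return {"login": form["login"], "role": requested}


def submit(form, **kwargs):
    """Run the hardened handler and report the outcome as a string."""
    try:
        return "created:" + create_user_hardened(form, **kwargs)["role"]
    except Forbidden as err:
        return "rejected:" + str(err)


if __name__ == "__main__":
    hostile = {"login": "visitor", "role": "administrator"}   # constructed request
    print("unsafe  ->", create_user_unsafe(hostile)["role"])   # administrator
    print("hardened->", submit(hostile))                        # rejected
```

The point of the hardened version is that “role mapping enabled” on a form should never mean “the client chooses the role”: the form’s allow-list is configured server-side, and even an allow-listed role still needs an authorised actor behind the request.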
The good news is that the issue is fixed in a newer version of the plugin. More than half of affected sites have been updated.
The less good news is that tens of thousands haven’t. And once a vulnerability becomes public, attackers don’t need it to be easy. They need it to be possible.
There’s currently no evidence of this flaw being exploited in the wild. But history tells us that public disclosures often lead to scanning, probing, and automated attacks shortly afterwards.
One outdated plugin can undo layers of good work elsewhere.
🤔 When was the last time you checked whether the set and forget parts of your website were still being maintained?
This is a good example of how brand-new features can increase business risk, even when they’re launched with good intentions 😬
Google recently rolled out a feature that lets people change their Gmail address while keeping the original address as an alias.
All emails still arrive in the same inbox, so there’s no disruption to contacts or history 📧
On paper, it’s a sensible convenience upgrade.
In practice, attackers moved fast.
Security researchers are now warning about phishing emails that claim to relate to a Gmail address change or a required security check.
These messages look especially convincing because they’re sent through Google’s own systems and appear to come from genuine Google addresses.
For a busy employee, everything checks out at first glance.
The emails reference security activity, ask for confirmation, and include links that appear to lead to official Google support pages.
The problem is where those links really go.
Instead of Google, they land on fake login pages designed to harvest passwords.
Even more concerning, many of these pages are hosted on https://t.co/f9wmdhcXDZ, which is a legitimate Google website builder.
Because it’s a real Google domain, many email security tools don’t block it.
And because it looks familiar, people don’t question it.
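Here is an added example (my own, not from the researchers or Google) of the two link checks a mail filter or a curious admin can run over a message body: does the visible link text claim a different address than the real target, and is the target hosted on a site builder rather than an account page? It assumes the Google website builder referred to above is Google Sites (sites.google.com); the sample email below is constructed for the demo.

```python
"""Flag deceptive links in an HTML email body.

Added example; SITE_BUILDER_HOSTS and the sample message are assumptions
constructed for the demo, not data from the campaign.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Legitimate hosts that are routinely abused to park fake login pages.
# ASSUMPTION: the site builder in question is Google Sites.
SITE_BUILDER_HOSTS = {"sites.google.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_google_owned(host):
    return host == "google.com" or host.endswith(".google.com")


def classify_link(href, text):
    """Return the reasons a link looks deceptive; an empty list means none."""
    host = host_of(href)
    reasons = []
    if host in SITE_BUILDER_HOSTS:
        reasons.append("hosted on a site builder, not a Google account page")
    # If the visible text is itself a URL, it must point where the href points.
    shown = host_of(text) if text.lower().startswith(("http://", "https://")) else ""
    if shown and shown != host:
        reasons.append(f"visible URL says {shown} but target is {host}")
    elif "google" in text.lower() and not is_google_owned(host):
        reasons.append(f"text mentions Google but target is {host}")
    return reasons


def find_suspicious_links(html):
    parser = LinkCollector()
    parser.feed(html)
    hits = []
    for href, text in parser.links:
        reasons = classify_link(href, text)
        if reasons:
            hits.append((href, text, reasons))
    return hits


# Constructed sample: one site-builder lure, one genuine support link,
# one link whose visible text lies about its destination.
SAMPLE_EMAIL = """
<p>We received a request to change the address on your Gmail account.</p>
<p><a href="https://sites.google.com/view/account-check-demo">Review security activity</a></p>
<p><a href="https://support.google.com/accounts/answer/1">https://support.google.com/accounts/answer/1</a></p>
<p><a href="https://accounts-google.example.net/login">https://support.google.com/accounts</a></p>
"""

if __name__ == "__main__":
    for href, text, reasons in find_suspicious_links(SAMPLE_EMAIL):
        print(href, "->", "; ".join(reasons))
```

Two of the three links are flagged; the genuine support.google.com link passes. This is a heuristic, not a verdict: the site-builder check is the one that actually catches this campaign, precisely because “real Google domain” is not the same thing as “Google’s sign-in page”.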
If someone enters their password, the impact can go far beyond email 😰
A compromised Google account can expose Drive files, calendars, shared documents, and any third-party services that use “Sign in with Google”.
In a business context, that can quickly turn into data exposure, account takeover, and a messy incident to clean up.
What’s also worth noting is that this isn’t entirely new.
Research flagged early waves of similar attacks in late 2025, before this feature was even widely known.
Google has said its systems weren’t breached, but this shows how easily legitimate platforms can be abused without being compromised.
There are still warning signs, if people slow down:
• Generic greetings instead of names
• Urgent language designed to create panic
• Any request to enter passwords via an email link
Google’s advice is straightforward: Don’t click 🙅
Go directly to your account in a browser and check security alerts there instead.
Add multi-factor authentication (ideally a passkey or security key, which a fake login page can’t capture), use strong unique passwords, and assume unexpected security emails deserve scrutiny.
The bigger takeaway for businesses is this: Every new convenience feature also creates a new social-engineering opportunity.
And attackers are very good at finding the gap between “this looks normal” and “this is dangerous”.
💭 If one convincing email can bypass both filters and instincts, how confident are you that your people would pause before handing over access to your business?
There’s an assumption that keeps popping up in AI conversations, and this research breaks it…
The idea is that younger workers are relaxed about AI, while older workers feel threatened by it.
New research suggests the opposite 😮
Gen Z workers, despite being some of the strongest users of AI tools, are the most concerned about AI displacing human roles.
Meanwhile, Boomers report feeling more confident about adapting to new workplace trends, including AI-driven change.
That contrast is telling.
Across the workforce, most people now expect AI to affect their day-to-day tasks in some way.
But almost half believe the biggest benefits will flow to employers rather than employees.
And while a portion of workers still feel their role is safe, the pace of change suggests that confidence may not last forever.
What really stands out is the response to that uncertainty.
Most people agree they need to upskill to keep pace, yet there’s no clear consensus on who owns that responsibility.
Many aren’t waiting to find out.
Around half have already taken learning into their own hands, rather than relying on structured support from their employer.
At the same time, the jobs market is shifting fast.
Demand for roles involving AI agents, prompt writing, and AI training has grown dramatically.
New skills are emerging almost faster than organizations can define them.
And yet, despite all the focus on technology, something very human keeps showing up in the data.
People still learn soft skills, judgment, communication, and resilience from more experienced colleagues.
They still learn new tech and AI skills from younger ones.
And managers are playing an increasingly important role in helping teams feel grounded while everything else changes.
AI may be reshaping tasks, tools, and titles, but adaptation is an emotional challenge as well as a technical one.
👉 If some of the most capable AI users are also the most anxious about the future, what does that say about how clearly we’re explaining the path forward?
Every so often, a new feature gets announced and you can almost hear the collective intake of breath 😉
This was one of those.
Microsoft has been working on a new capability for Teams that would automatically report where someone is working from, based on the Wi-Fi network they’re connected to.
Join a call on the office network, and your work location could show as “Head Office”.
Connect from somewhere else, and that context would follow you into Teams and Outlook.
From a purely technical point of view, it’s clever.
From an operational point of view, you can see the appeal.
But once you step back, the discomfort starts to creep in 😬
In a world of hybrid and flexible working, location is no longer a neutral detail.
Knowing whether someone is in the office, at home, or somewhere else entirely can easily slide from useful context into unspoken monitoring.
Microsoft planned for the feature to be opt-in, with IT admins controlling whether it’s available and employees choosing whether to enable it.
The catch, of course, is that policies can be enforced. And once something becomes mandatory, the idea of choice disappears.
That’s likely why this feature keeps getting pushed back 🗓️
Microsoft has now delayed it again, and while there’s no official explanation, it’s hard not to see the tension underneath.
On one side, organizations want better visibility into how their tools are being used.
On the other, employees want flexibility without feeling watched.
What’s interesting here isn’t the feature itself, it’s what it represents.
Collaboration tools like Teams started out as ways to message, meet, and share files. Over time, they’ve become a record of availability, responsiveness, activity.
And now, potentially, location.
Each step on its own feels small. Together, they reshape expectations about work.
🤔 So here’s a question worth sitting with: As flexible work continues to evolve, should workplace technology default to building trust or to increasing visibility?
Excel is crossing an interesting line from “tool that helps you work” to “tool that does some of the work for you” 📊
Late last year, Microsoft introduced Agent Mode in Excel on the web. Now it’s rolling out to Excel on Windows, and it’s more than just a copy-and-paste of the web version.
Let’s rewind a little…
Agent Mode is an AI-powered way of telling Excel what outcome you want, rather than clicking through steps yourself.
Instead of building formulas, charts, or layouts manually, you describe the result and Excel works through the steps on your behalf.
Think of it less as “help me write a formula” and more as “build this whole thing for me”.
What’s changed with the Windows version is how flexible it’s become.
Agent Mode now plugs directly into Copilot inside Excel, and you can choose which AI model does the thinking.
Some models are better at fast, structured tasks.
Others are better at detailed, exploratory work.
Excel can pick automatically, or you can override it if you care about that level of control.
Under the hood, that includes models from OpenAI and Anthropic, but you don’t need to understand the difference to use it. “Auto” mode handles that.
The practical improvements matter more.
Agent Mode is now quicker and more reliable when doing everyday Excel jobs, like creating workbooks, fixing broken formulas, generating charts, and even pulling in live data from the web when needed.
You give it an outcome-based instruction, and it builds toward that result.
You should still sanity-check what it produces (always sanity-check), but it dramatically reduces the setup work.
Spreadsheets aren’t going away. But the skill is shifting from how to build everything to how to ask for the right result.
Knowing what you want matters more than knowing every button.
One important footnote: Agent Mode is live for Excel on Windows and the web, with Mac support coming soon.
That aside, this feels like a genuine change in how people will use Excel over the next few years.
💭 If Excel could take instructions instead of clicks, what’s the first task you’d happily hand over?
There’s a phishing campaign doing the rounds that skips email entirely 🫨
And you guessed it: That’s what makes it effective 😬
Security researchers have uncovered a targeted attack aimed at executives and IT admins, delivered through LinkedIn messages.
The setup is deliberately convincing.
The victim is contacted about a job opportunity or a business project. Nothing obviously suspicious.
The message includes a download link to what looks like a relevant document. It’s often named to match the person’s role, like a product roadmap or project plan.
Click the link, and a file downloads.
It’s a self-extracting archive (SFX) created with WinRAR. Double-clicking it unpacks the contents, so it behaves like opening a normal folder.
Inside are several files that appear legitimate, including a PDF reader.
So far, everything looks routine.
When the document is opened, though, something else happens behind the scenes: The PDF reader loads a malicious DLL that was bundled alongside it.
This technique is called DLL sideloading. Windows programs load helper libraries (DLLs) by name, and the program’s own folder is searched first, so a malicious DLL with the expected name dropped next to a trusted application gets loaded and runs with that application’s identity.
Because the program doing the loading is legitimate, security tools are less likely to raise an alarm straight away.
From there, the attack digs in 😰
It creates a startup entry, so the malware runs again after every reboot, then launches a small Python tool that runs entirely in memory, leaving little on disk for file-based scanning to catch.
That tool opens a command-and-control channel back to the attacker, giving them remote access to the machine.
At that point, the system is effectively under someone else’s control.
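This chain is very detectable if you have endpoint telemetry, because each step leaves a trace. Below is an added example (mine, not the researchers’ detection logic) that runs three checks over Sysmon-style events: a program executing from a user-writable folder, an unsigned DLL loaded from that same folder (the sideload itself), and a Run-key persistence entry pointing back into it. The event field names, the DLL name version.dll and the sample events are all constructed for the demo, not telemetry from the real campaign.

```python
"""Hunt for the SFX -> DLL sideload -> Run-key chain in process telemetry.

Added example.  Event shapes loosely follow Sysmon (process create, image
load, registry value set) but the field names and all sample values are
constructed for the demo.
"""
import ntpath
from collections import defaultdict

# Where a properly installed program lives.  Anything running from
# Downloads, Temp or an SFX extraction folder is outside these roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

RUN_KEY_MARKER = "\\currentversion\\run\\"


def in_trusted_root(path):
    return path.lower().startswith(TRUSTED_ROOTS)


def same_dir(a, b):
    return ntpath.dirname(a).lower() == ntpath.dirname(b).lower()


def analyse(events):
    """Return {pid: [finding, ...]} for every process that tripped a check."""
    findings = defaultdict(list)
    image_of = {}  # pid -> executable path seen at process creation

    for ev in events:
        kind, pid = ev["EventType"], ev["ProcessId"]
        if kind == "ProcessCreate":
            image_of[pid] = ev["Image"]
            if not in_trusted_root(ev["Image"]):
                findings[pid].append(f"executable launched from untrusted path: {ev['Image']}")
        elif kind == "ImageLoad":
            image = image_of.get(pid, ev["Image"])
            dll = ev["ImageLoaded"]
            # The sideload signature: an unsigned DLL loaded from the EXE's own
            # folder while that folder is outside Windows / Program Files.
            if same_dir(image, dll) and not in_trusted_root(dll) and not ev.get("Signed", False):
                findings[pid].append(f"unsigned DLL loaded from beside the executable: {ntpath.basename(dll)}")
        elif kind == "RegistryValueSet":
            if RUN_KEY_MARKER in ev["TargetObject"].lower() and not in_trusted_root(ev["Details"]):
                findings[pid].append(f"Run-key persistence pointing at {ev['Details']}")
    return dict(findings)


def suspicious_chains(events):
    """Processes with two or more independent findings: worth an analyst's time."""
    return sorted(pid for pid, hits in analyse(events).items() if len(hits) >= 2)


# Constructed sample: the lure (pid 4120) next to a benign installed reader (pid 5008).
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "ProcessId": 4120,
     "Image": "C:\\Users\\jdoe\\Downloads\\Product_Roadmap\\PDFReader.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventType": "ImageLoad", "ProcessId": 4120,
     "Image": "C:\\Users\\jdoe\\Downloads\\Product_Roadmap\\PDFReader.exe",
     "ImageLoaded": "C:\\Users\\jdoe\\Downloads\\Product_Roadmap\\version.dll", "Signed": False},
    {"EventType": "ImageLoad", "ProcessId": 4120,
     "Image": "C:\\Users\\jdoe\\Downloads\\Product_Roadmap\\PDFReader.exe",
     "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll", "Signed": True},
    {"EventType": "RegistryValueSet", "ProcessId": 4120,
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\jdoe\\Downloads\\Product_Roadmap\\PDFReader.exe"},
    {"EventType": "ProcessCreate", "ProcessId": 5008,
     "Image": "C:\\Program Files\\Acme Reader\\reader.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventType": "ImageLoad", "ProcessId": 5008,
     "Image": "C:\\Program Files\\Acme Reader\\reader.exe",
     "ImageLoaded": "C:\\Program Files\\Acme Reader\\render.dll", "Signed": True},
]

if __name__ == "__main__":
    for pid, hits in analyse(SAMPLE_EVENTS).items():
        print(pid, *hits, sep="\n  ")
```

Each check on its own is noisy (plenty of portable tools run from Downloads), which is why the script only escalates a process that trips two or more. The benign reader in Program Files loading its own signed DLL produces nothing.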
What’s worth paying attention to isn’t just the technical detail, it’s the delivery method 📧
The researchers were very clear that phishing no longer lives only in inboxes. Social platforms, messaging apps, and search results are increasingly being used because they feel informal and familiar.
We’re also less conditioned to be suspicious there, especially when the approach feels personalized and professional.
And LinkedIn is particularly attractive. It’s rich with role information, company context, and people who are used to receiving unsolicited outreach.
That makes it easier to tailor messages that don’t feel random.
The uncomfortable lesson here is that “I didn’t get an email” doesn’t mean “I wasn’t phished”.
Any platform that allows direct contact and file sharing can be abused. Especially when it’s used daily on work devices and trusted by default.
👉 When a message feels relevant, personalized, and arrives through a professional platform, what would make you hesitate before you click?