BlueGrass Technology

05/31/2026

If your business website runs on WordPress, here’s a quick check for you 🔎

There’s a popular plugin called Quiz and Survey Master (QSM).

It’s used by more than 40,000 websites to create quizzes, surveys and forms without needing any coding.

Unfortunately, versions 10.3.1 and older were recently found to have a serious security flaw.

The issue is what’s known as an SQL injection vulnerability.

SQL is the language used to talk to a website’s database, the part that stores things like user accounts, submissions, and other important data.

An SQL injection flaw means someone can sneak malicious commands into that database.

In this case, any logged-in user, even someone with a basic subscriber account, could potentially inject commands into the system.

That could allow actions like:

🚫 Accessing sensitive data�
🚫 Extracting information from the database�
🚫 Manipulating content

The vulnerability is tracked as CVE-2025-67987, and it was fixed in version 10.3.2.

The latest version available is 10.3.5, which is the safest bet.

Based on WordPress.org data, just over half of websites using QSM are on version 10.3. That means a large number are likely still vulnerable.

That’s potentially tens of thousands of sites.

Right now, there’s no confirmed evidence of this flaw being actively exploited. But once a vulnerability is public, attackers often start scanning the internet looking for unpatched sites.

👉 If your site uses this plugin, the solution is straightforward: Update it immediately 👈

More broadly, this is a reminder of something I say often to business owners: WordPress itself isn’t usually the weak link. It’s the plugins.

Every plugin you install adds functionality but also adds potential risk.

If you’re not actively using a plugin or theme, it shouldn’t just be deactivated. It should be deleted from the server completely.

Websites aren’t a set and forget asset. They’re part of your digital infrastructure.

If they’re vulnerable, they can become an entry point into your wider systems. Especially if admin accounts reuse passwords across services.

❓ When was the last time someone checked which plugins your website is running and whether th

05/30/2026

If you’ve ever tried to get an AI tool to understand a whole project instead of just one document, you’ll appreciate this…

Microsoft has introduced something called Copilot Agents in OneDrive.

And this is where AI starts to feel a bit more useful for real-world business work 🤖

Here’s the problem it’s trying to solve.

Normally, if you ask Copilot to summarize or analyze something, you’re doing it one file at a time. One Word document. One spreadsheet. One PowerPoint.

But projects don’t live in one file.

They live across proposals, meeting notes, budgets, timelines, research documents, and email summaries.

With OneDrive Agents, you can now select up to 20 related files and bundle them together into what’s saved as a .agent file.

Instead of asking: “Summarize this file…”

You can ask: “What deadlines are coming up across this whole project?”

“Where are the risks?”�

“What did we agree in the last three meetings?”

And it has the context of all the selected files, not just one.

The agent behaves like other AI tools. It can summarize, answer questions, surface key points. But it’s operating with a broader understanding.

Even better, these agents are saved as files inside OneDrive.

That means you can share the .agent file with colleagues. They don’t need to recreate the setup themselves. You’re all working from the same AI “view” of the project.

As projects evolve, you can add or remove documents from the agent or refine the instructions it uses.

It stays aligned with the latest information instead of becoming outdated.

Right now, this feature is available to people with a Microsoft 365 Copilot license accessing OneDrive via the web.

It’s clearly still evolving. Microsoft is asking for feedback, which suggests it’s watching closely to see how businesses use it.

From a business owner’s perspective, the real value is reducing the time spent hunting across folders, trying to piece together context.

If AI can help you understand a whole project in one place instead of ten separate files, that’s meaningful productivity.

🤔 The question is, would you trust an AI agent to interpret multiple important documents at once, or would you still prefer to read

05/29/2026

Still relying on Windows 10 with Extended Security Updates?

Your safety net has an end date and it’s approaching fast.

When it disappears, so does your protection.

If Windows 10 is still part of your business setup, now’s the time to start thinking ahead…

05/29/2026

There’s an old idea in IT that still pops up from time to time.

That if you bring in external expertise, it somehow weakens your team.

That it sends the message you couldn’t cope, or that leadership will start questioning why they’re paying for internal capability at all.

I don’t see that play out in reality.

Most internal IT teams I work with are highly capable.

They understand their environment, their users, their risks, and their priorities better than anyone else ever could.

What they don’t have is infinite capacity.

And expecting them to develop deep expertise in every domain on top of running day-to-day operations simply isn’t realistic anymore.

The technology landscape doesn’t stand still long enough for that.

Security evolves constantly.

Cloud platforms shift underneath you. Tooling multiplies. Best practice changes. And all of this is happening while users still expect instant responses, and the business still expects IT to just work.

Trying to carry all of that internally doesn’t future-proof a team.

It exhausts it.

Bringing in external expertise, when it’s done properly, doesn’t remove responsibility or dilute authority.

It protects the internal team’s role.

Specialist work gets done by people who do it every day, not squeezed into spare hours.

Projects move forward without dragging everyone into unfamiliar territory.

Knowledge gets shared in context, rather than learned in isolation at 9pm after a long day.

It also changes the tone of IT leadership.

Instead of firefighting and scrambling to cover gaps, the focus shifts back to standards, direction, and long-term health.

Internal teams get to do the work they’re best at: Understanding the business, setting priorities, and making good decisions.

All without being stretched thin trying to be experts in everything at once.

The teams that stay effective over time aren’t the ones that try to do it all alone.

They’re the ones that know when to reinforce, when to bring in depth, and when to protect their people from unsustainable load.

That’s what futureproofing looks like: Support that strengthens the team rather than replacing it.

If this resonates, let’s talk about h

05/27/2026

Too many pop-ups breaking your concentration? Windows 11 Focus hides notifications so you can get more work done…

05/27/2026

Security shouldn’t feel like a constant background stress.

If you spend more time sorting signal from noise than improving posture, something’s off.

Too many alerts drain focus.

There’s a way to ease the pressure without switching things off or losing control…

05/26/2026

If you receive a message saying a large Apple Pay payment has been blocked and you need to call a number urgently…

STOP 🚩

There’s a new scam circulating that targets Apple users, and it’s very convincing.

The email or text usually claims that a high-value purchase has been attempted using your Apple Pay details.

It might mention suspicious activity, a blocked transaction, or even a fake case number. The branding looks polished. The formatting feels official.

Really? The phone number in the message connects you directly to scammers.

The tactic is simple.

Create anxiety about losing a significant amount of money, then offer a quick solution 😱

When people believe their account is under threat, they’re more likely to act without double-checking.

Once on the phone, the criminals typically try to gather your Apple ID login details, verification codes sent to your device, or card information.

With that, they can attempt to take control of your account ⚠️

Here are a few important facts:

Apple does not send fraud alerts asking you to call a number included in an email or text message.

It also doesn’t use aggressive language suggesting your account will be locked if you don’t respond immediately.

That kind of urgency is a common phishing technique 🎣

If you ever receive something like this, check the sender’s email address carefully.

It may look genuine at first glance, but small spelling errors or unusual domain names often give it away.

Generic greetings like “Hello {Name}” instead of your actual name are another warning sign.

It’s also worth remembering that if a payment really were suspicious, your bank would normally step in automatically.

Banks tend to block unusual transactions and contact you directly through official channels.

You would approve a legitimate payment, not scramble to stop it via a random phone number in a text.

If you’re unsure, don’t use any contact details from the message 🚫

Instead, go directly to Apple’s official website yourself and use the support options there.

Or check your purchase history on your device: Settings > Tap your name > Media & Purchases > View Account > Purchase History

That wi

05/26/2026

There’s a quiet moment most IT directors recognize.

Something breaks, you jump in, and as you’re fixing it you realize you’re relying entirely on your own memory.

Not because you want to, but because the documentation either doesn’t exist, doesn’t reflect reality, or simply isn’t useful when you need it most.

That’s usually when the idea of “we should really document this properly” pops up…

… right before the next interruption arrives.

Good, shared documentation shouldn’t be confused with building a perfect knowledge base.

Instead, it should reduce how fragile day-to-day IT becomes, whether you’re running a full team or carrying the function on your own shoulders.

When knowledge only lives in someone’s head, everything becomes harder: Support takes longer, changes feel riskier, and stepping away from the keyboard starts to feel impossible.

What internal IT tends to value is relevance.

Documentation that mirrors how the environment works today, not how it was originally designed or how a vendor slide deck described it.

Clear notes that explain decisions as well as configurations.

Enough detail to be useful, without turning into a maintenance burden.

Shared documentation also changes how external support feels.

Instead of someone guessing, interrupting, or working around you, they can align with how you already operate.

• Standards stay consistent
• Context stays intact
• Collaboration becomes quieter and more efficient

From our side as an MSP, that clarity is what makes partnership work.

It’s how support strengthens what’s already there instead of adding noise or friction.

If your documentation exists mostly in your head, or in places you don’t really trust, it might be worth assessing.

My team and I can help take a practical look at how shared documentation could take some of the mental load off and make day-to-day IT a little less fragile. Get in touch.

05/25/2026

05/25/2026

Some businesses feel like they’re constantly dealing with IT problems.

A system slows down or something stops working. People report it, wait for it to be fixed, and then carry on until the next issue appears.

But others rarely seem to have those disruptions.

What’s the difference?

It comes down to the way they approach their IT…