PHISH & TELL™ –
The Cyber & AI Risk Triage Desk

So your business doesn’t break while you’re busy running it.
A 5-minute weekly brief that tells you what to ignore, what to fix, and what can wait.
March is a time for renewal and celebration, and in honour of Women’s History Month we’re doubling down on protecting the businesses you’ve built.
THIS WEEK’S 10-MINUTE WIN
Patch your WordPress membership plugin to block admin‑hijack attacks
If you…
run a WordPress website that offers memberships, please stop scrolling and read this.
Should you care?
✅ YES — urgently
You use the User Registration & Membership plugin and regularly handle log‑ins, payments or sign‑ups. Attackers are actively exploiting a flaw to create administrator accounts.
🤷‍♀️ MAYBE — worth doing anyway
You run a WordPress site but aren’t sure which plugins are installed. It’s still smart to check for unused or out‑of‑date add‑ons.
❌ NO — low priority (for now)
Your website isn’t on WordPress or is managed by a third party that handles security updates for you.
What’s happening (plain English)?
Researchers discovered a critical vulnerability in the popular User Registration & Membership plugin that lets anyone on the internet create their own administrator account. Attackers have already attempted to exploit this bug hundreds of times. Once they’re in, they can install malware, steal customer data or lock you out of your own site.
Do this now
Update to version 5.1.4 or later. The plugin’s developer issued a fix; installing the newest version closes the hole. Check the version on your WordPress dashboard under Plugins, and if you can’t update right away, deactivate the plugin until you can.
Audit your plugins. Remove any you no longer use, and make sure all remaining plugins and themes are regularly updated.
Restrict admin accounts. First check the Users list in your dashboard for administrator accounts you don’t recognise (that is exactly what this flaw creates); if you find one, treat the site as compromised rather than just deleting the account. Then limit who can log in as an administrator and require multi‑factor authentication. Consider a web‑application firewall (WAF) to block exploit attempts.
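For whoever manages your site from the command line, here is an added script, written for this issue rather than taken from the plugin or from WordPress, that turns the three steps above into one check. It assumes WP‑CLI is installed and reads the JSON that `wp plugin list --format=json` and `wp user list --role=administrator --format=json` produce; the plugin slug user-registration, the list of admins you expect to see, and the sample output embedded below are assumptions made up for the example, not real site data.

```python
import json
import sys

# Minimum safe version for the plugin discussed above. The slug "user-registration"
# is assumed for this example; confirm it against the folder name in wp-content/plugins.
KNOWN_FIXES = {"user-registration": "5.1.4"}

# Logins of the administrators you actually created (assumption for the example).
KNOWN_ADMINS = {"owner"}

# Constructed sample of `wp plugin list --format=json`; not real site data.
SAMPLE_PLUGINS = """[
  {"name": "user-registration", "status": "active", "update": "available",
   "version": "5.1.3", "update_version": "5.1.4"},
  {"name": "woocommerce", "status": "active", "update": "none",
   "version": "9.6.1", "update_version": null},
  {"name": "akismet", "status": "inactive", "update": "none",
   "version": "5.3.2", "update_version": null}
]"""

# Constructed sample of `wp user list --role=administrator --format=json`.
SAMPLE_ADMINS = """[
  {"ID": "1", "user_login": "owner", "user_email": "owner@example.com",
   "user_registered": "2021-06-14 09:12:00", "roles": "administrator"},
  {"ID": "418", "user_login": "wpsupport", "user_email": "x7@mail.example",
   "user_registered": "2026-03-05 03:41:17", "roles": "administrator"}
]"""


def parse_version(text):
    """'5.1.4' -> (5, 1, 4); non-numeric tails such as '-beta' are ignored."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a, b):
    """True if version a is older than b, padding short versions with zeros."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    return pa + (0,) * (width - len(pa)) < pb + (0,) * (width - len(pb))


def audit_plugins(plugin_json):
    """Return (plugin, finding, wp command) triples for plugins that need attention."""
    findings = []
    for plugin in json.loads(plugin_json):
        name, version = plugin["name"], plugin["version"]
        fixed = KNOWN_FIXES.get(name)
        if fixed and version_lt(version, fixed):
            findings.append((name, "actively exploited flaw, %s is older than %s" % (version, fixed),
                             "wp plugin update %s" % name))
        elif plugin.get("update") == "available":
            findings.append((name, "update available (%s -> %s)" % (version, plugin.get("update_version")),
                             "wp plugin update %s" % name))
        if plugin.get("status") == "inactive":
            findings.append((name, "inactive; delete it if nobody needs it",
                             "wp plugin delete %s" % name))
    return findings


def unexpected_admins(user_json, known_logins, since):
    """Administrator logins you did not create, or that appeared after `since` (YYYY-MM-DD)."""
    suspects = []
    for user in json.loads(user_json):
        if "administrator" not in user.get("roles", ""):
            continue
        if user["user_login"] not in known_logins or user["user_registered"] >= since:
            suspects.append(user["user_login"])
    return suspects


if __name__ == "__main__":
    # Usage: python audit.py plugins.json admins.json  (falls back to the samples above)
    plugins = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLUGINS
    admins = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_ADMINS
    for name, finding, command in audit_plugins(plugins):
        print("%-20s %-45s %s" % (name, finding, command))
    for login in unexpected_admins(admins, KNOWN_ADMINS, "2026-03-01"):
        print("CHECK admin account %r: did you create it?" % login)
```

On your server, run `wp plugin list --format=json > plugins.json` and `wp user list --role=administrator --format=json > admins.json`, then point the script at those two files and adjust KNOWN_ADMINS and the date to your own site. The version check deliberately compares numbers rather than trusting the "update available" flag, because a site whose update checks are broken will still show an old version.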
AI REALITY CHECK
AI browser add‑ons can see more than you think
What happened: A recently patched bug in Google Chrome allowed malicious browser extensions to hijack the new Gemini AI side panel. By injecting code into this panel, attackers could access your camera, microphone and local files. The issue is fixed in the latest Chrome release, but it’s a reminder that AI features run with broad permissions, and anything that can inject code into them inherits those permissions.
Why it matters: Browser makers are racing to embed AI helpers everywhere. These tools often request read/write access to your tabs, files and even devices. A rogue extension can piggyback on those privileges to spy on your business or install malware. Many employees install extensions without IT approval, so this risk can sneak in under the radar.
What to do:
Update Chrome and other browsers to the newest versions, and encourage your team to do the same.
Limit extension installations to trusted sources and review permissions regularly. Remove anything you no longer use.
Treat AI features like any privileged application: enforce least‑privilege access and watch for pop‑ups that request excessive permissions.
READER QUESTION OF THE WEEK
How can I tell if a link to Google or Microsoft is actually safe?
Attackers are getting crafty. Microsoft recently warned that criminals abuse the legitimate OAuth “redirect URL” feature: the link really does start at a genuine Microsoft 365 or Google Workspace sign‑in address, then bounces you on to the attacker’s page, so the part you see looks official. There’s also a scam where a fake Google Account security page tricks you into installing a Progressive Web App (PWA) that reads your contacts, location and one‑time passwords.
Here’s how to stay safe:
Check the domain carefully. Hover over links before clicking and look at the part between https:// and the next slash. For a genuine Microsoft link that part should end in .microsoft.com, .office.com or .microsoftonline.com (where Microsoft 365 sign‑in lives); for Google, .google.com. The ending is what counts: microsoft.com.verify-account.net is not Microsoft, and neither is some-other-site.net/microsoft.com.
Beware of zip files and installers. In the OAuth abuse campaign, the “sign‑in” page redirected victims to a ZIP file containing a malicious installer. Don’t open unexpected attachments — even if they look like they came from someone you trust.
Restrict third‑party app consent. Only let pre‑approved apps request OAuth permissions (in Microsoft 365 this is the user consent setting in the Microsoft Entra admin centre; Google Workspace has the equivalent under API controls). Review and revoke unused permissions regularly.
Use official app stores. Google won’t ask you to install an app or a “security update” from a pop‑up on a web page, so be suspicious of any site that wants you to install something to protect your account. Browser extensions come from the Chrome Web Store and apps from your system’s app store.
If a link ever feels off, don’t click it — open a new tab and log in directly to the service yourself.
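Added for this issue (not from Microsoft or Google, and no substitute for their own guidance): a short script that applies the domain and redirect checks above the way a mail filter would, on a handful of made‑up links. The list of genuine domains, the names of the redirect parameters it inspects and the download extensions are assumptions for the example; the links are constructed, and the .example domains are reserved placeholders that belong to nobody.

```python
from urllib.parse import urlsplit, parse_qs

# Hosts that genuinely belong to each vendor (an assumption for this example;
# add the services you actually use, such as your own tenant's custom domains).
VENDOR_DOMAINS = {
    "Microsoft": ("microsoft.com", "office.com", "microsoftonline.com", "live.com"),
    "Google": ("google.com",),
}

# Query parameters sign-in pages use to send you on after login. Legitimate,
# but an attacker who registers their own OAuth app can point them anywhere.
REDIRECT_PARAMS = ("redirect_uri", "redirect_url", "redirect", "continue",
                   "url", "post_logout_redirect_uri")

# File types the campaigns above deliver; a sign-in link should never end in one.
DOWNLOAD_SUFFIXES = (".zip", ".exe", ".msi", ".iso", ".js", ".scr")

# Constructed sample links for the demonstration; none of these are real.
SAMPLE_LINKS = [
    "https://accounts.google.com/signin/v2/identifier",
    "https://accounts.google.com.security-check.example/signin",
    "https://evil.example/accounts.google.com/verify",
    "https://accounts.google.com@evil.example/signin",
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=abc&redirect_uri=https%3A%2F%2Fevil.example%2Foffice-update.zip",
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=abc&redirect_uri=https%3A%2F%2Foutlook.office.com%2Fmail",
]


def vendor_for_host(host):
    """Vendor name if host is exactly a vendor domain or a subdomain of one.

    Works on the parsed hostname, so 'google.com.evil.example' and
    'evil.example/google.com' both come back as None."""
    host = (host or "").lower().rstrip(".")
    for vendor, domains in VENDOR_DOMAINS.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return vendor
    return None


def classify_link(url):
    """Return (verdict, reason); verdict is 'ok' or 'suspicious'."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "suspicious", "not a normal web link (scheme %r)" % parts.scheme
    # urlsplit().hostname drops anything before '@', which defeats the
    # 'accounts.google.com@evil.example' trick.
    vendor = vendor_for_host(parts.hostname)
    if vendor is None:
        return "suspicious", "host %r is not a Microsoft or Google domain" % parts.hostname
    if parts.path.lower().endswith(DOWNLOAD_SUFFIXES):
        return "suspicious", "link downloads a file (%s)" % parts.path.rsplit("/", 1)[-1]
    # The host is genuine, so now ask where the page sends you afterwards.
    query = parse_qs(parts.query)
    for name in REDIRECT_PARAMS:
        for target in query.get(name, []):
            tparts = urlsplit(target)
            if tparts.scheme in ("http", "https") and vendor_for_host(tparts.hostname) != vendor:
                return "suspicious", "%s sign-in page redirects to %r" % (vendor, tparts.hostname)
            if tparts.path.lower().endswith(DOWNLOAD_SUFFIXES):
                return "suspicious", "redirect target downloads a file"
    return "ok", "%s domain, no off-site redirect" % vendor


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reason = classify_link(link)
        print("%-10s %s\n           %s" % (verdict.upper(), link, reason))
```

Note what it catches: a real google.com tacked onto someone else’s domain, a genuine‑looking name hiding in front of an @, and a real Microsoft sign‑in URL whose redirect_uri points at a ZIP on a stranger’s server. What it cannot see is the page behind the link, so read “ok” as “no obvious red flag”, not as proof.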
RISK RADAR
Also happening this week
Attackers impersonate IT support and deploy Havoc malware. A new campaign floods inboxes with spam, then calls victims posing as IT staff. Once on the phone, they direct users to a fake Microsoft page, harvest credentials and sideload the Havoc command‑and‑control framework. Takeaway: Train your team to hang up and call back using a known number before granting remote access to anyone.
E‑commerce operator sentenced for selling pirated software licences. A Florida woman who ran Trinity Software Distribution received a 22‑month sentence for trafficking thousands of stolen Microsoft licence stickers. Takeaway: Don’t buy software licences on the grey market — you risk legal trouble and may inadvertently install malware.
Ransomware demands rise even as payments shrink. Researchers report that criminals collected less ransom overall last year, but the median demand surged. Takeaway: Build offline backups and rehearse your incident response — don’t wait until you’re under pressure to figure it out.
Vendor misconfigurations trigger breaches. A cloud‑backup change recently exposed sensitive configuration data and led to a ransomware incident. Takeaway: Ask your vendors how they secure backups and restrict API access; your security is only as strong as theirs.
You don’t need to act on these unless they apply to you.
ON THE PERSONAL SIDE
There are good humans in the world
Rocco is one of those good humans. He did a segment on my company on a recent episode of his local access cable TV show, Rise and Shine with Rocco. It’s “a positive and uplifting series focusing on the joy of living and overcoming challenges by embracing life as a gift each day. Rocco is a devoted husband, yoga instructor, rising artist in the synthwave and EDM world and culinary creator.” The world is heavy these days. Rocco is a great antidote. Check out his show. (One of the producers, Jersey Doll, also wrote a great kids’ book, called Abby: The Most Famous Fish in the World, a story about “loving others, family, friendship, determination and compassion” as well as ocean conservation. Share it with a kid in your life!)

Before you go
Security isn’t about chasing every headline; it’s about focusing on the risks that matter to you and your team. Every small step you take today—whether it’s installing an update or reminding someone not to click a suspicious link—adds up to a stronger, safer business tomorrow.
How are you liking the new newsletter format? I want it to serve you well. Let me know.
Until next week,
~Alexia
P.S. I just completed the Harvard Data Science Initiative Agentic AI Intensive. Expect deeper insights and more secure AI operational tips in future issues.
P.P.S. If you’d rather talk it out than read about it, you’re welcome in my free drop-in office hours on Roam at 1pm EST on Fridays (later today!) When the light is green, I’m available—click here to drop in to my lobby and knock:
➜ https://ro.am/alexia-idoura/
My question to you: What’s one small cybersecurity win you’ve accomplished recently — whether it’s updating a plugin, removing an unused browser extension, or training a team member to spot scams? Hit reply and share; your story might inspire someone else!
You’re subscribed to Phish & Tell™️ because your business is worth protecting.
🩷
