Xentric Solutions, 5950 Canoga Avenue, Suite 615, Los Angeles, CA (2026)

05/03/2026

Too many windows open? Shake the one you need and Windows 11 clears the rest instantly…

05/01/2026

It’s surprisingly common for businesses to rely on software that’s no longer supported.

Not because anyone chooses to take a risk.

More often, the software has been around for years. It works, people are familiar with it, and replacing it never quite reaches the top of the priority list.

But at some point, the company that created it stops maintaining it. From that moment on, security gaps aren’t fixed and new weaknesses aren’t patched.

The software may still appear to work exactly as it always has. But the protection behind it has disappeared.

Our latest guide explains what unsupported software means for a business, why the risk grows over time, and how to find out if any of your systems have reached that stage.

Download your free copy now. Link in the comments.

05/01/2026

I had a conversation recently with a business owner who said, “We’re fine. We use Macs.” 🙂

I completely understand that thinking.

For years, Windows PCs were seen as the main target for cybercriminals. Macs felt safer.

But it’s no longer the case.

Recent research shows that macOS is now just as interesting to hackers as Windows. And the way they’re attacking businesses has evolved in some clever (and worrying) ways.

One of the biggest trends right now is something called info stealer malware ☠️

Info stealers are small programs designed to collect sensitive information from your computer and send it back to criminals. We’re talking about:

⚠️ Saved browser sessions (so they don’t even need your password)
⚠️ Keychains (where Macs store credentials)
⚠️ Cloud access tokens (digital “keys” that keep you logged into services like Microsoft 365 or Google Workspace)
⚠️ Developer credentials
⚠️ Even cryptocurrency wallets

Once they have that, they can take over accounts, send fake invoices, launch ransomware, or access your cloud systems without you realizing 😬

And here’s the most worrying part: They’re not always breaking in through obvious malware downloads 🦠

Microsoft recently reported attackers using fake error messages (a trick known as social engineering).

For example, a pop-up might say there’s a problem with your system and offer a “fix”.

You download what looks like a normal Mac installer file (a DMG file, the standard Mac installation format) and that’s when the malware drops in.

They’ve also seen fake ads on Google promoting things like PDF editors. You click, download, and it looks legitimate. Behind the scenes, it installs an info stealer and sets itself up to stay on the machine.

Even worse, some criminals are hijacking WhatsApp accounts and using them to spread malicious links to trusted contacts. When it comes from someone you know, your guard drops.

What’s changed is the speed and flexibility of these attacks.

Some of the malware is written in cross-platform languages like Python, which means it can easily run on both Windows and Mac environments. That makes it easier for attackers to hit mixed businesses.

Staying protected isn’t about which operating system you use anymore. It’s about how well protected and monitored your systems are 👀

Staff awareness matters. Good security software matters. Monitoring unusual activity matters. And making sure your cloud services are properly secured matters a lot.

🤔 If you’re a Mac-based business, or a mix of Mac and Windows, do you feel confident you’d spot something like this before damage was done?

04/30/2026

Your people are drafting emails, summarizing documents, and solving problems faster thanks to AI. It’s great.

But what’s missing in many businesses is the decision about how it should be used.

Without that, people fill in the gaps themselves.
And that’s how data can end up in the wrong places… learn more in the comments.

04/29/2026

This is one of those stories that reminds us why “I’ll update it later” can be risky 😬

A critical vulnerability has been discovered in a popular WordPress plugin called Advanced Custom Fields: Extended.

It puts around 50,000 websites at risk of full takeover.

To understand why this matters, a bit of context helps.

WordPress powers a huge portion of the web. Many sites rely on plugins to add extra functionality, and one of the most widely used is Advanced Custom Fields (ACF).

It lets developers add custom content fields to pages and posts.

The Extended version builds on that, adding even more flexibility.

The problem is that certain versions of this plugin didn’t properly enforce role restrictions when creating or updating users through forms.

Under the right conditions, someone who isn’t logged in at all could create a new user account and assign themselves the administrator role.

And administrator access on a WordPress site means everything. Content, users, plugins, themes… full control.

Now, there is an important caveat.

This isn’t an exploit that affects every site automatically.

For the vulnerability to be abused, a site needs to be using specific user creation or update forms with role mapping enabled.

That reduces the immediate blast radius.

But the severity rating is still 9.8 out of 10, which tells you how bad things could get if the conditions are right.

The good news is that the issue is fixed in a newer version of the plugin. More than half of affected sites have been updated.

The less good news is that tens of thousands haven’t. And once a vulnerability becomes public, attackers don’t need it to be easy. They need it to be possible.

There’s currently no evidence of this flaw being exploited in the wild. But history tells us that public disclosures often lead to scanning, probing, and automated attacks shortly afterwards.

One outdated plugin can undo layers of good work elsewhere.

🤔 When was the last time you checked whether the set and forget parts of your website were still being maintained?

04/28/2026

It’s time to govern your team’s AI use

Quick question: Do you know how your team is using AI at work?

Not how you think they’re using it, but how they’re really using it?

Most businesses don’t. And that’s where the risk creeps in…

04/27/2026

This is a good example of how brand-new features can increase business risk, even when they’re launched with good intentions 😬

Google recently rolled out a feature that lets people change their Gmail address while keeping the original address as an alias.

All emails still arrive in the same inbox, so there’s no disruption to contacts or history 📧

On paper, it’s a sensible convenience upgrade.

In practice, attackers moved fast.

Security researchers are now warning about phishing emails that claim to relate to a Gmail address change or a required security check.

These messages look especially convincing because they’re sent through Google’s own systems and appear to come from genuine Google addresses.

For a busy employee, everything checks out at first glance.

The emails reference security activity, ask for confirmation, and include links that appear to lead to official Google support pages.

The problem is where those links really go.

Instead of Google, they land on fake login pages designed to harvest passwords.

Even more concerning, many of these pages are hosted on sites.google.com, which is a legitimate Google website builder.

Because it’s a real Google domain, many email security tools don’t block it.

And because it looks familiar, people don’t question it.

If someone enters their password, the impact can go far beyond email 😰

A compromised Google account can expose Drive files, calendars, shared documents, and any third-party services that use “Sign in with Google”.

In a business context, that can quickly turn into data exposure, account takeover, and a messy incident to clean up.

What’s also worth noting is that this isn’t entirely new.

Research flagged early waves of similar attacks in late 2025, before this feature was even widely known.

Google has said its systems weren’t breached, but this shows how easily legitimate platforms can be abused without being compromised.

There are still warning signs, if people slow down:

• Generic greetings instead of names
• Urgent language designed to create panic
• Any request to enter passwords via an email link

Google’s advice is straightforward: Don’t click 🙅

Go directly to your account in a browser and check security alerts there instead.

Add multi-factor authentication, use strong unique passwords, and assume unexpected security emails deserve scrutiny.

The bigger takeaway for businesses is this: Every new convenience feature also creates a new social-engineering opportunity.

And attackers are very good at finding the gap between “this looks normal” and “this is dangerous”.

💭 If one convincing email can bypass both filters and instincts, how confident are you that your people would pause before handing over access to your business?

04/26/2026

Ever been sent a PDF and needed to change something? You can open it straight in Word and edit it without extra tools…

04/24/2026

There’s an assumption that keeps popping up in AI conversations, and this research breaks it…

The idea is that younger workers are relaxed about AI, while older workers feel threatened by it.

New research suggests the opposite 😮

Gen Z workers, despite being some of the strongest users of AI tools, are the most concerned about AI displacing human roles.

Meanwhile, Boomers report feeling more confident about adapting to new workplace trends, including AI-driven change.

That contrast is telling.

Across the workforce, most people now expect AI to affect their day-to-day tasks in some way.

But almost half believe the biggest benefits will flow to employers rather than employees.

And while a portion of workers still feel their role is safe, the pace of change suggests that confidence may not last forever.

What really stands out is the response to that uncertainty.

Most people agree they need to upskill to keep pace, yet there’s no clear consensus on who owns that responsibility.

Many aren’t waiting to find out.

Around half have already taken learning into their own hands, rather than relying on structured support from their employer.

At the same time, the jobs market is shifting fast.

Demand for roles involving AI agents, prompt writing, and AI training has grown dramatically.

New skills are emerging almost faster than organizations can define them.

And yet, despite all the focus on technology, something very human keeps showing up in the data.

People still learn soft skills, judgment, communication, and resilience from more experienced colleagues.

They still learn new tech and AI skills from younger ones.

And managers are playing an increasingly important role in helping teams feel grounded while everything else changes.

AI may be reshaping tasks, tools, and titles, but adaptation is an emotional challenge as well as a technical one.

👉 If some of the most capable AI users are also the most anxious about the future, what does that say about how clearly we’re explaining the path forward?

04/23/2026

Your phone’s browser is building a picture of you over time.

Where you go. What you look up. Patterns that reveal far more than most people expect.

That doesn’t make popular browsers bad.
But it does mean they deserve more attention than they usually get…
Give it some attention with the link in the comments.

Xentric Solutions

05/03/2026

05/01/2026

05/01/2026

04/30/2026

04/29/2026

04/28/2026

04/27/2026

04/26/2026

04/24/2026

04/23/2026

Address

Telephone

Website

Alerts

Shortcuts

Share

Category