Feed aggregator

• The OttoKit plugin was vulnerable to a critical flaw that allows the creation of new admin accounts
• It was patched in late April 2025, so users should update now
• Threat actors are looking for exposed websites

OttoKit, a popular automation WordPress plugin, is vulnerable to a critical-severity flaw that allows threat actors to take over entire websites.

The bug is described as an incorrect privilege assignment flaw in Brainstorm Force that allows privilege escalation. It affects all older versions of the website builder plugin, up until version 1.0.83, which was released on April 21, 2025. It is tracked as CVE-2025-27007 and has a severity score of 9.8/10 (critical).

In theory, threat actors could send a crafted POST request to a vulnerable REST API endpoint exposed by OttoKit, containing automation data that mimics internal plugin logic. Due to missing validation, OttoKit would fail to properly authenticate the request, and since the automation logic runs with elevated privileges, the threat actors are ultimately allowed to create a new user account and assign it the administrator role.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

​Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.

Preferred partner (What does this mean?)View Deal

Chats leaked

OttoKit, formerly known as SureTriggers, is designed to connect websites with various third-party services and enable workflow automation without coding.

It supports integrations with platforms like WooCommerce, Mailchimp, Google Sheets, and CRMs, allowing users to run tasks such as sending emails, updating user roles, or syncing data across apps.

The plugin has more than 100,000 users, but most of them have applied the patch already. Still, security researchers Patchstack said they observed attacks in the wild, starting almost immediately after the flaw was publicly disclosed.

"It is strongly recommended to update your site as soon as possible if you are using the OttoKit plugin, and to review your logs and site settings for these indicators of attack and compromise," Patchstack said.

This is the second major vulnerability in OttoKit found this month, after CVE-2025-3102, another authentication bypass flaw, which was given a “high” severity score of 8.1/10.

Via BleepingComputer

You might also like

• Fortinet firewall bugs are being targeted by LockBit ransomware hackers
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Black smoke streamed from the chimney of the Sistine Chapel on Thursday morning in Rome, signaling that the 133 cardinal electors have not come to a two-thirds agreement about who the next pontiff should be.

(Image credit: Andrew Medichini)

President Trump has proposed slashing federal scientific funding. Economists say the long-term consequences could be dire.

(Image credit: AP)

The presidents of the National Education Association and American Federation of Teachers say the political climate has added to age-old money problems for teachers, such as underfunded schools.

(Image credit: Katrina Ward for NPR)

Most Americans balk at the idea of charging women who get abortions with homicide, but post-Roe, militant anti-abortion activists are finding state lawmakers are increasingly open to it.

Two dozen states allow citizens to propose ballot measures. But Republican lawmakers in many of those states are now adding hurdles to those efforts, saying they want to combat fraud.

(Image credit: Andrew DeMillo)

Soaps, lotions and shampoos were found to have formaldehyde and formaldehyde-releasing preservatives.

(Image credit: puhhha/iStockphoto)

My sister and I recently unearthed a forgotten box of correspondence our mom received from servicemen she'd met at Red Cross dances in Rome near the end of the war. She would have been 100 this year.

(Image credit: Beth Novey)

Velella velella on a stretch of sand between Zuma and Broad beaches in Malibu, Calif.'/>

Hundreds of thousands of Velella velella, more commonly known as by-the-wind-sailors, are drifting onto the coastline. Beachcombers say they look like "blue diamonds strewn across the beach."

(Image credit: Emily Scher)

It is not unusual to bring some of your own tools to work. Most chefs want to use their own knives, musicians use their own instruments, and so it would not be unreasonable to expect knowledge workers to have the same predisposition when it comes to software. Regardless, enterprise IT departments take a dim view of rogue software, or Shadow IT as it is also known.

To be fair to enterprise IT departments, software works best when it is integrated although integration is itself a spectrum. As a rule suites of software (Adobe, Microsoft) will all work together but often picking a team means organizations are sacrificing the very best options. For example, Excel is the king of spreadsheets but Google Docs is quickly becoming more popular than word.

Pick and choose

Instead of having to pick and choose, organizations can work around the limitations of software suites and invest in composable solutions which can be pulled together from the best in class tools. The large software vendors despise this solution because it underlines their ability to capture large sections of the market but the tide is already turning with initiatives such as open office and open analytics.

Integrated solutions allow for sharing documents, deriving statistics for business analysis and so on; it also means that files are transferable and interoperable. Overall, it reduces friction for the organization, even if there is a learning curve at the user level. Aside from convenience, the vast increases in ransomware attacks and corporate targeted scams mean running a tight ship is essential for businesses that operate at any kind of scale.

Shadow IT

With that in mind, shadow IT remains a thorn in the side of enterprise, with ChatGPT being the number one offender. Locking down laptops to try and stop unauthorized tool use is a mistake because it tends to encourage users to be crafty. But here’s a revolutionary idea, but why not give users what they want?

Interestingly, outside of the most technical roles it isn't really the bones of apps that most users take exception to, it is the interface. Very few users wish their software was coded in Rust to prevent memory leaks, or is optimized to run on ARM vs x86 architecture. Instead, users want to be able to find the information they need and for the buttons to stay in roughly the same places between versions so at a critical moment they aren't rifling through menus trying to find a function.

This user focus on interfaces means there’s an opportunity for developers to build products that are ‘universal’ (or that at least appear that way to users). This requires leveraging AI features to amplify the user experience with deeper analytics and customizations rather than watering it down.

Most developers are already adhering to software design philosophies like MACH, and any SaaS vendor that expects to be successful will adopt headless architecture in places so the solution can integrate with the kind of large suppliers that tend to buy capabilities from smaller developers for their own platforms.

The puzzle of AI

The last part of this puzzle is AI. This is a little more sophisticated than a ChatGPT plugin, and as a result it creates more value for customers. This isn’t to talk down rudimentary AI plugins, adding a ChatGPT interface for some data management and natural language processing capability is an effective way for businesses to dip their toe into the AI pool. That is why almost every business has their own version, but it doesn’t deliver on the potential of the technology of AI tools and leaves a lot on the table.

In terms of customer experience (CX) and user experience (UX), this is especially true because it limits AI to a small section of the interface. Instead by integrating AI throughout the interface it can become something much more effective, even revolutionary because with AI as a composing layer and AI products on the backend you can quickly iterate and deliver on new features because the solutions can interoperate more effectively.

AI is capable of something we’re loosely calling hyperpersonalization. Current efforts to personalize apps are limited to user profiles, a night and day mode for the interface, and maybe some limited language naturalization, but it's all out of the box and fixed in the application. This customization isn’t just at the user level but the business level. Instead of buying the best CRM on the market, buy a CRM that feels like it was purpose built for your business, even if your industry has only existed for a few weeks. That’s how quickly AI accelerates the speed to market of products.

Even the basic features above are far from guaranteed. Night mode is a hugely popular feature because it mediates the brightness of modern displays and despite requiring minimal effort to implement, it still isn’t standard. With AI, vendors can configure the ‘last mile’ of the interface based on data collected and stored with an AI agent's memory, which can include feedback on what tools or data points the user might need.

Consequences

The consequence of this, is that the AI is customizing the UI in ways that simply aren’t possible with traditional tools. Programs can respond to user level and environmental requirements, factors like time of day, colloquializations and adapting visualizations to account for data literacy. Imagine how much easier it would be to get things done if your sales platform knew when it was reporting season and reconfigured to highlight the KPIs you needed for a report. It is these smaller changes that save a few minutes each day and which in aggregate make a big difference.

‘Enterprise’ used to mean something that was better than the basic, consumer-facing option. Consumer apps have massively upped their level and now pro tools need to play catch up by offering something more sophisticated and elegant. Taking risks in integrating AI to interfaces and analytics will change the way we interact with computers, creating applications that are better than the old ones and delivering on the promise of enterprise grade tooling is the path to killing shadow IT.

We've highlighted the best CRM for small business.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Many organizations are finding it difficult to move Generative AI projects beyond the pilot stage into full-scale production, largely due to concerns around privacy, quality, and cost. As a result, there is a growing shift towards ‘AI agent systems’; a trend that is set to accelerate this year.

An AI agent system enables businesses to build and operationalize an AI agent (an intelligent application designed to automate and enhance human productivity) or set of AI agents that can perform complex tasks by combining multiple interacting components.

An AI agent system goes beyond using a single, stand-alone model to integrate a myriad of components, such as large language models (LLMs), classical machine learning (ML) models and business data and tools, to achieve very specific goals more efficiently.

The rising interest in AI agent systems is no coincidence. Businesses require more than just general intelligence. They need ‘data intelligence’: a new standard of relevance, governance, precision, and trust in their data.

The rise of AI agent systems to deliver tailored solutions

Unlike general-purpose AI models that aim to answer everything (and sometimes miss the mark), AI agent systems rely on multiple underlying components to deliver a better performance for users, allowing them to simplify or entirely automate very specific tasks and objectives.

The AI agents in the system have a distinct role and are created using specialized LLMs and pre-configured functions. For example, a customer support agent can collaborate with a financial forecasting agent within the same system, but each of them is performing optimally because they’re purpose-built for their domains.

This approach ensures enterprises get solutions tailored to their workflows, customers, and industries—something general models struggle to deliver well. With AI agent systems, it’s not about being ‘all-knowing’; it’s about ‘exactly knowing’.

Eliminating AI uncertainty

Many UK businesses may still fear rolling out new AI projects because of errors, bias, or unpredictable outputs. AI agent systems tackle this head-on by integrating human oversight and AI-based validation mechanisms. Many organizations opt for ‘human in the loop’ grading systems combined with tools that evaluate, cross-check, and refine AI outputs before they’re deployed.

These layers of validation create more trust. For enterprises, this means smoother adoption, greater confidence, and better outcomes.

Laying the groundwork for AI

To build such trusted systems, a robust data foundation is essential. Data is the lifeblood of any AI agent system - we hear this time and again. Enterprises today are racing to become data and AI companies, but the journey isn’t without challenges.

There is pressure to adopt AI, with all stakeholders wanting ‘in’ but few knowing where to start. Data is everywhere, and with fragmented datasets, unifying assets becomes a headache. And lastly, governance and security become paramount as more data can often equate to greater risks.

But despite these challenges, organizations are making strides, often starting with pilot projects that demonstrate ROI before scaling. This iterative approach is a strategic way to build the people, processes, and technology needed to sustain long-term AI transformations.

A key part of successful AI transformations is bringing data intelligence to the forefront. Organizations can do this through modern data architectures—such as data intelligence platforms—which unify, govern, and operationalize data in one place.

With natural language interfaces and private data integration, organizations can build custom models that truly understand their specific needs. These systems empower non-technical employees to more easily interact with data, democratizing AI and accelerating adoption across teams.

In fact, in a recent Economist Impact report, almost 60% of those surveyed anticipate that, within three years, natural language will become the primary or sole method for non-technical employees to engage with complex datasets.

The future of AI is agentic

The future of Enterprise AI lies in building integrated systems of specialized AI agents rather than simply developing ever-larger, standalone models. This shift towards a more interconnected approach enables organizations to address complex challenges with greater trust and precision.

With the right data platform, businesses can design AI agent systems tailored to their specific needs. By leveraging their own data, organizations can create domain-specific AI solutions that deliver reliable, high-quality results. This is made possible through the integration of key technologies, such as vector databases for precise data retrieval, fine-tuning and prompting for specialized reasoning, and monitoring frameworks to ensure safety and compliance.

The AI industry is evolving at an unprecedented pace, with AI agent systems redefining what’s possible. These systems go beyond solving problems; they enhance confidence, create value, and expand AI’s potential. For businesses ready to embrace this transformation, the future of AI is not just about ‘general intelligence’ but a new era of ‘data intelligence’.

We've compiled a list of the best business intelligence platforms.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Presidenti Trump did not reveal the trading partner, saying only that it was "A BIG, AND HIGHLY RESPECTED, COUNTRY" and that representatives would join him at 10 a.m. ET in the Oval Office.

(Image credit: Jim Watson)

Here are the answers for The New York Times Mini Crossword for May 8.

Secretary of Agriculture Brooke Rollins says the department will consider bringing back some employees who took the government's deferred resignation offer.

(Image credit: Brendan Smialowski)

Dr. Janette Nesheiwat withdrew her nomination for Surgeon General after questions about her credentials. Dr. Casey Means has a medical degree from Stanford and a best-selling book on metabolic health.

(Image credit: Ben Curtis)

An Environmental Protection Agency plan to eliminate its Energy Star offices would end a decades-old program that gave consumers a choice to buy environmentally friendly electronics and save money on bills, consumer and environmental groups said.

(Image credit: Joshua A. Bickel)

The immediate impact of the cargo decline affects virtually every business around the ports, but port officials say this downturn will soon be felt much more broadly.

(Image credit: Justin Sullivan)

The long-awaited phone will make its debut at a virtual Unpacked event. Here's everything to know and how to tune in.

• Samsung's next Galaxy Unpacked is a virtual-only affair on May 12, 2025
• The invite teases an ultra-thin phone with the text "Beyond slim"
• All signs are pointing to a formal reveal of the Galaxy S25 Edge, which will feature a 200MP wide lens

Ever since Samsung teased its ultra-slim variant of the Galaxy S25 family at its January 2025 Unpacked, and since then brought the Galaxy S25 Edge on a bit of a world tour with a stop at MWC, we’ve all been wondering when the tech giant would share more. Well, now we know.

Samsung’s just dropped invites for its next Galaxy Unpacked, and it’s an entirely virtual affair with a clear focus – the Galaxy S25 Edge. Even with its ultra-thin design that will land at under the Galaxy S25's 7.2-milimeters, it's still poking its way through the center of the invite.

The invite image reveals, under a cloth of some kind, the super slim silhouette. It’s accompanied by “Beyond slim” on the left and “May 12, 2025 Live on samsung.com” on the right.

That basically gives it away, and Samsung will stream this Galaxy Unpacked at 8pm ET/5pm PT/1am BST/ (10am AEST on May 13, 2025 in Australia) live on its site and on YouTube.

(Image credit: Samsung)

A shared blog post from Samsung details much more on this addition to the Galaxy S lineup and actually names the Galaxy S25 Edge, writing, “This is more than a slim smartphone.” It teases that the Galaxy S25 Edge will offer flagship-level performance with ‘superior portability’ without compromising on any of it, seemingly.

It also confirms a key spec for the Edge that’s been rummored alongside many others. “Even with its slim form, Galaxy S25 Edge’s 200MP wide lens continues Galaxy’s iconic camera experience, delivering pro-grade capabilities to intuitively capture the world around you,” thus confirming the ultra-slim phone will have a very sharp main shooter. It will also match the Galaxy S25 Ultra, which has the same sensor for the primary lens.

Samsung’s really highlighting that it took a lot of engineering work to make the Galaxy S25 Edge a reality and that it didn’t have any shortcomings that would have dropped it from the mainline Galaxy S family of phones. Much of the May 12 Galaxy Unpacked will likely delve into how this device came to be.

(Image credit: Future/Lance Ulanoff)

We still expect the Galaxy S25 Edge to arrive at a premium price, somewhere above $999 / £999 / AU$1,699. It should feature the Qualcomm Snapdragon 8 Elite for Galaxy inside, considering that’s powering the rest of the lineup. We also expect it to match 12GB of RAM, which should make it a speedy and efficient phone, but we also don’t yet know what size battery Samsung’s been able to squeeze inside the svelte frame.

The latest rumors point to the Galaxy S25 Edge having a titanium frame, weighing only 163 grams, and only 5.85 millimeters thick. That same report claims the Galaxy S25 Edge will have a 6.7-inch AMOLED screen with a 120Hz refresh rate, which aligns with previous reports.

The best news is that we’re just days away from this being official and Samsung telling us all about the Galaxy S25 Edge. It’s also the start of a new category of sorts – ultra-slim, premium smartphones for the masses, and Samsung will, in turn, be beating Apple to the punch before the much-rumored iPhone 17 Air sees the light of day.

Now, if you’re already sold on the Galaxy S25 Edge – maybe you’ve been holding out on getting an S25, S25 Plus, or S25 Ultra – Samsung is rolling out an early offer. You can sign up to reserve the next Galaxy, with no commitment to purchasing or strings attached, and score a $50 Samsung Credit towards the S25 Edge.

You can now sign up at Samsung to reserve the next Galaxy and score a $50 credit towards the next device, the Galaxy S25 Edge. As with past reserve offers, this is entirely commitment-free and doesn't cost anything.View Deal

You might also like

• The Samsung Galaxy S25 Edge has just leaked in full – including specs, renders, and pricing
• Exclusive: the Samsung Galaxy S25 Edge will have durability to match its ‘sexy’ design

Looming tariffs put an uncertain spin on the economy. Get on top of credit card debt now in case things go sideways.