Reza Rafati
-
Chinese Travel Bookings to Russia Surge Amid Visa-Free Talks and Japan Tensions
Chinese travel bookings to Russia have surged dramatically, with some metrics showing increases of up to 400%, driven by President Vladimir Putin’s pledge for visa-free travel and escalating tensions between Beijing and Tokyo. This shift is also fueled by a diplomatic spat between Japan and China.
-
OpenAI leaks personal data and metadata of API users
OpenAI has disclosed a data leak affecting an undisclosed number of API users, with personal data and metadata exposed after an attack on its analytics provider, Mixpanel. The compromised data includes names, email addresses, location details, operating systems, browsers, referring websites, and user/organization IDs linked to API accounts.
-
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update
Microsoft is enhancing security for Entra ID authentication by blocking unauthorized script injection attacks, starting in late 2026. This move involves updating their Content Security Policy (CSP) for the “login.microsoftonline.com” sign-in experience, allowing only scripts from trusted Microsoft domains to execute, thereby preventing malicious code.
-
Japan, UK Conduct First Airborne Drop in Hokkaido
Japan and the UK recently concluded Exercise Vigilant Isles 25 in Hokkaido, marking a significant milestone in their military cooperation. The drills, held from November 5 to 20, included their first-ever joint airborne drop on Japanese territory. The exercise brought together Japan Ground Self-Defense Force (JGSDF) airborne and amphibious units with British paratroopers from the…
-
UK Tests FC100 Drone’s Heavy-Lift Capabilities
Flowcopter has successfully completed a week of flight testing for Project MORRIGHAN, a UK jHubMed initiative. The tests focused on uncrewed logistics support and casualty evacuation capabilities. Their FC100 heavy-lift drone flew various prototype cargo systems, both underslung and hard-coupled. This demonstrated its operational potential for the UK defense community.
-
ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens
The threat actor ToddyCat is using new hacking tools to steal corporate email data, including a custom tool called TCSectorCopy. They aim to obtain OAuth 2.0 authorization tokens from user browsers for accessing corporate mail. According to Kaspersky, this allows them to access emails outside the compromised infrastructure. ToddyCat has been active since 2020, targeting…
-
Japan Scrambles Jets to Intercept Chinese Spy Drone
Japan scrambled fighter jets on Monday after a presumed Chinese unmanned aircraft traversed the airspace between Yonaguni Island and Taiwan, prompting an emergency response. This incident follows a growing pattern of Chinese military aircraft activity near Japan, highlighting escalating tensions and the increasing presence of sophisticated unmanned aerial vehicles in the region.
-
New lab offers generative AI for defense wargaming
Johns Hopkins Applied Physics Laboratory is set to open GenWar, a new lab in 2026, aimed at revolutionizing defense wargaming through generative AI. This initiative seeks to provide faster, more in-depth analyses and allow human players to rapidly test strategies with AI agents, moving beyond traditional labor-intensive wargames.
-
Chat control risk for cyber resilience
The Dutch intelligence service, AIVD, warns that a new EU proposal for ‘chat control’ could severely harm the Netherlands’ cyber resilience. They express concerns that voluntary message scanning might weaken security systems, making critical infrastructure and personal data vulnerable to cyberattacks, despite the aim to combat child sexual abuse material.
-
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning regarding a critical, actively exploited zero-day vulnerability in Oracle Identity Manager (CVE-2025-52054). This flaw, with a CVSS score of 9.8, allows remote attackers to bypass authentication and gain unauthorized access, posing a significant risk of complete system compromise to affected versions.