Live Feeds
-
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update
Microsoft is enhancing security for Entra ID authentication by blocking unauthorized script injection attacks, starting in late 2026. This move involves updating their Content Security Policy (CSP) for the “login.microsoftonline.com” sign-in experience, allowing only scripts from trusted Microsoft domains to execute, thereby preventing malicious code.
-
Japan, UK Conduct First Airborne Drop in Hokkaido
Japan and the UK recently concluded Exercise Vigilant Isles 25 in Hokkaido, marking a significant milestone in their military cooperation. The drills, held from November 5 to 20, included their first-ever joint airborne drop on Japanese territory. The exercise brought together Japan Ground Self-Defense Force (JGSDF) airborne and amphibious units with British paratroopers from the…
-
UK Tests FC100 Drone’s Heavy-Lift Capabilities
Flowcopter has successfully completed a week of flight testing for Project MORRIGHAN, a UK jHubMed initiative. The tests focused on uncrewed logistics support and casualty evacuation capabilities. Their FC100 heavy-lift drone flew various prototype cargo systems, both underslung and hard-coupled. This demonstrated its operational potential for the UK defense community.
-
ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens
The threat actor ToddyCat is using new hacking tools to steal corporate email data, including a custom tool called TCSectorCopy. They aim to obtain OAuth 2.0 authorization tokens from user browsers for accessing corporate mail. According to Kaspersky, this allows them to access emails outside the compromised infrastructure. ToddyCat has been active since 2020, targeting…
-
Japan Scrambles Jets to Intercept Chinese Spy Drone
Japan scrambled fighter jets on Monday after a presumed Chinese unmanned aircraft traversed the airspace between Yonaguni Island and Taiwan, prompting an emergency response. This incident follows a growing pattern of Chinese military aircraft activity near Japan, highlighting escalating tensions and the increasing presence of sophisticated unmanned aerial vehicles in the region.
-
New lab offers generative AI for defense wargaming
Johns Hopkins Applied Physics Laboratory is set to open GenWar, a new lab in 2026, aimed at revolutionizing defense wargaming through generative AI. This initiative seeks to provide faster, more in-depth analyses and allow human players to rapidly test strategies with AI agents, moving beyond traditional labor-intensive wargames.
-
Chat control risk for cyber resilience
The Dutch intelligence service, AIVD, warns that a new EU proposal for ‘chat control’ could severely harm the Netherlands’ cyber resilience. They express concerns that voluntary message scanning might weaken security systems, making critical infrastructure and personal data vulnerable to cyberattacks, despite the aim to combat child sexual abuse material.
-
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning regarding a critical, actively exploited zero-day vulnerability in Oracle Identity Manager (CVE-2025-52054). This flaw, with a CVSS score of 9.8, allows remote attackers to bypass authentication and gain unauthorized access, posing a significant risk of complete system compromise to affected versions.
-
Bugcrowd Buys Mayhem Security for AI Hacking
Bugcrowd acquires Mayhem Security, an AI and cyber scaleup. This merger boosts ethical hacking with AI-powered testing. Mayhem’s AI platform offers continuous security testing. The collaboration aims to shrink attack surfaces and pre-empt risks.
-
Sanctions Hit Russia’s Bulletproof Hosting Provider
U.S., UK, and Australia sanction Russia-based Media Land for providing bulletproof hosting to ransomware groups like LockBit, BlackSuit, and Play, freezing assets and prohibiting transactions.