The Hacker News

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy ...
Bleeping Computer

Microsoft to secure Entra ID sign-ins from script injection attacks

Microsoft plans to enhance the security of the Entra ID authentication system against external script injection attacks starting in mid-to-late October 2026. This update will implement a strengthened ...
The Hacker News

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the ...
GitHub

Unsafe inline javascript SvelteKit and FOUC

I noticed the immich app includes inline <script> blocks--specifically the SvelteKit bootstrap script and a theme-handling FOUC script. This means folks must loosen their Content Security Policy and ...
GitHub

Extend CSP script-src hashes

This feature adds two new prefixes to hashes in script-src directives (url- and eval-) and a new keyword (strict-dynamic-url). One of the main goals of this change is to keep compatibility with old ...
WTNH

CSP to conduct DUI patrols through Labor Day weekend

CONNECTICUT (WTNH) — State police are reminding people to be careful and take appropriate safety measures as Labor Day weekend approaches. As usual, troopers will be patrolling the highways throughout ...