Authentication
Microsoft to secure Entra ID sign-ins from script injection attacks
Microsoft plans to enhance the security of the Entra ID authentication system against external script injection attacks starting in mid-to-late October 2026. This update will implement a strengthened Content Security Policy that allows script downloads only from Microsoft-trusted content delivery network domains and inline script execution only from Microsoft-trusted sources during sign-ins. After rollout, it […]
ASUS warns of new critical auth bypass flaw in AiCloud routers
ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. AiCloud is a cloud-based remote access feature that comes with many ASUS routers, turning them into private cloud servers for remote media streaming and cloud storage. As the Taiwanese electronics manufacturer explained, the CVE-2025-59366 vulnerability “can […]
HP pulls update that broke Microsoft Entra ID auth on some AI PCs
HP has pulled an HP OneAgent software update for Windows 11 that mistakenly deleted Microsoft certificates required for some organizations to log in to Microsoft Entra ID, disconnecting them from their company’s cloud environments. The bug was discovered by Patch My PC’s Rudy Ooms, who traced it to a silent, background update deployed by HP to its AI PC devices. […]
Microsoft: Recent Windows updates cause login issues on some PCs
Microsoft has confirmed that Windows updates released since August 29, 2025, are breaking authentication on systems sharing Security Identifiers. Windows uses unique alphanumeric strings known as Security Identifiers (SIDs) to track and manage user accounts, groups, and computer accounts. SIDs are also used internally by the operating system for access control, permissions management, and security auditing, […]
New bug in classic Outlook can only be fixed via Microsoft support
Microsoft is investigating a known issue that causes the classic Outlook email client to crash upon launch, which can only be resolved via Exchange Online support. According to a recently published support document, this impacts Microsoft 365 customers who use classic Outlook on Windows systems. While the company didn’t specify the root cause of this ongoing issue, […]
Google shares workarounds for auth failures on ChromeOS devices
Google is working to resolve authentication issues affecting some ChromeOS devices, which are preventing affected users from signing into their Clever and ClassLink accounts. As the company explains in a recently updated incident report on the Google Workspace Status Dashboard, these authentication failures impact devices running version 16328.55.0 with Chrome browser version 139.0.7258.137. These issues are disrupting Single Sign-On access to Clever and ClassLink […]
Passwordstate dev urges users to patch auth bypass vulnerability
Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity authentication bypass vulnerability as soon as possible. Passwordstate works as a secure password vault that enables organizations to store, organize, and control access to passwords, API keys, certificates, and various other types of credentials via a centralized web interface. […]
Okta open-sources catalog of Auth0 rules for threat detection
Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. Auth0 is Okta’s identity and access management (IAM) platform used by organizations for login, authentication, and user management services. By releasing the detection rules, the company aims to help security teams quickly analyze Auth0 logs for […]
Cisco warns of max severity flaw in Firewall Management Center
Cisco is warning about a critical remote code execution (RCE) vulnerability in the RADIUS subsystem of its Secure Firewall Management Center (FMC) software. Cisco FMC is a management platform for the vendor’s Secure Firewall products, which provides a centralized web or SSH-based interface to allow administrators to configure, monitor, and update Cisco firewalls. RADIUS in FMC […]
Citrix warns of login issues after NetScaler auth bypass patch
Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gateway appliances. This happens because starting with NetScaler 14.1.47.46 and 13.1.59.19, the Content Security Policy (CSP) header, which mitigates risks associated with cross-site scripting (XSS), code injection, and […]
