Cybersecurity Headlines Microsoft blocks Entra, AI scammer legislation, ASUS patches AiCloud
7 snips
Nov 28, 2025 Microsoft plans to block unauthorized scripts for Entra ID sign-ins in 2026. New legislation aims to crack down on AI-assisted scams with tougher penalties. ASUS has patched a critical vulnerability in AiCloud with a set of firmware fixes. In other news, OpenAI cut ties with Mixpanel following a data breach, while three London councils experienced a shared IT outage. Dartmouth faced a significant data theft affecting 35,000 people, and Microsoft dealt with an Exchange Online outage impacting Outlook access.
AI Snips
Chapters
Transcript
Episode notes
Prepare For Entra ID CSP Changes
- Do test your Entra ID sign-in flows early and remove browser extensions that inject scripts before Microsoft's 2026 CSP rollout.
- Avoid tools that modify the intra-sign experience and switch to alternatives that don't alter browser-based authentication.
AI-Assisted Fraud Faces Harsher Penalties
- The AI Fraud Deterrence Act treats AI-assisted impersonation as especially serious, raising fines and prison terms dramatically.
- Legislators explicitly link AI tooling to heavier penalties for fraud and government impersonation.
Patch Or Disable Vulnerable AiCloud
- Patch affected ASUS routers running AiCloud immediately to remediate the CVE with a 9.2 CVSS authentication bypass.
- Disable AiCloud or Samba-based remote access until firmware updates are applied if patching is not possible.